Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,109
Maven
5,000+
npm
3,765
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
887
Swift
37
Unreviewed advisories
All unreviewed
5,000+

478 advisories

Loading
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
Deserialization of Untrusted Data in Torrentpier Critical
CVE-2024-1651 was published for torrentpier/torrentpier (Composer) Feb 20, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions Critical
CVE-2024-25108 was published for pixelfed/pixelfed (Composer) Feb 12, 2024
ThisIsMissEm nivenly-foundation
Blind SQL injection in shopware Critical
CVE-2024-22406 was published for shopware/core (Composer) Jan 17, 2024
Drupal Improper Access Control Critical
CVE-2019-6342 was published for drupal/core (Composer) Jan 11, 2024
WWBN AVideo Insufficient Entropy vulnerbaility Critical
CVE-2023-49599 was published for wwbn/avideo (Composer) Jan 10, 2024
plotly.js prototype pollution vulnerability Critical
CVE-2023-46308 was published for plotly.js (Composer) Jan 3, 2024
PHPMemcachedAdmin Path Traversal vulnerability Critical
CVE-2023-6026 was published for elijaa/phpmemcacheadmin (Composer) Nov 30, 2023
October CMS safe mode bypass using Twig sandbox escape Critical
CVE-2023-44382 was published for october/system (Composer) Nov 29, 2023
whatev3n
Froxlor Improper Input Validation vulnerability Critical
CVE-2023-6069 was published for froxlor/froxlor (Composer) Nov 10, 2023
Json response for search reveals Solr credentials Critical
GHSA-7crc-r3wg-cfgf was published for ezsystems/ezplatform-solr-search-engine (Composer) Nov 3, 2023
Json response for search reveals Solr credentials Critical
GHSA-v6xp-ccvx-w52m was published for ibexa/solr (Composer) Nov 3, 2023
Cachet vulnerable to Authenticated Remote Code Execution Critical
CVE-2023-43661 was published for cachethq/cachet (Composer) Oct 16, 2023
rive-n
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5320 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5316 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
Cache poisoning in drupal/core Critical
CVE-2023-5256 was published for drupal/core (Composer) Sep 28, 2023
westonsteimel
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter Critical
CVE-2015-5467 was published for yiisoft/yii2 (Composer) Sep 21, 2023
Cross Site Scripting vulnerability in Dolibarr ERP CRM Critical
CVE-2023-38888 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
Craft CMS Remote Code Execution vulnerability Critical
CVE-2023-41892 was published for craftcms/cms (Composer) Sep 13, 2023
zonia3000
Snappy PHAR deserialization vulnerability Critical
CVE-2023-41330 was published for knplabs/knp-snappy (Composer) Sep 8, 2023
PrestaShop SQL manager vulnerability Critical
CVE-2023-39526 was published for prestashop/prestashop (Composer) Aug 9, 2023
Cockpit PHP Remote File Inclusion vulnerability Critical
CVE-2023-4195 was published for cockpit-hq/cockpit (Composer) Aug 6, 2023
PyroCMS remote code execution vulnerability Critical
CVE-2023-29689 was published for pyrocms/pyrocms (Composer) Aug 4, 2023
RaspAP Command Injection vulnerability Critical
CVE-2022-39986 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
Froxlor vulnerable to Improper Encoding or Escaping of Output Critical
CVE-2023-3668 was published for froxlor/froxlor (Composer) Jul 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database