GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

507 advisories

ThinkAdmin Administrator cookies still working after password change Critical
CVE-2019-11018 was published for zoujingli/thinkadmin (Composer) May 13, 2022
Joomla! Object Injection Vulnerability Critical
CVE-2019-7743 was published for joomla/joomla-cms (Composer) May 13, 2022
elFinder command injection vulnerability in the PHP connector Critical
CVE-2019-9194 was published for studio-42/elfinder (Composer) May 13, 2022
Akeneo PIM vulnerable to shell injection in the mass edition Critical
CVE-2017-1000009 was published for akeneo/pim-community-dev (Composer) May 13, 2022
October CMS File Upload Vulnerability Critical
CVE-2017-1000194 was published for october/october (Composer) May 13, 2022
Moodle Blind SSRF Risk in /badges/mybackpack.php Critical
CVE-2019-3809 was published for moodle/moodle (Composer) May 13, 2022
Anchor CMS Logs Credentials Critical
CVE-2018-7251 was published for anchorcms/anchor-cms (Composer) May 13, 2022
Codiad Vulnerable to Shell Command Injection Critical
CVE-2017-11366 was published for codiad/codiad (Composer) May 13, 2022
phpMyAdmin Improper Privilege Management Critical
CVE-2017-18264 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions Critical
CVE-2017-6925 was published for drupal/core (Composer) May 13, 2022
SimpleSAMLphp Use of insecure connection charset (sqlauth module) Critical
CVE-2018-6521 was published for simplesamlphp/simplesamlphp (Composer) May 13, 2022
Account takeover in facturascripts Critical
CVE-2022-1715 was published for facturascripts/facturascripts (Composer) May 14, 2022
Centreon allows SNMP trap SQL Injection Critical
CVE-2018-19281 was published for centreon/centreon (Composer) May 14, 2022
phpWhois arbitrary code execution via a crafted whois record Critical
CVE-2015-5243 was published for brightlocal/phpwhois (Composer) May 14, 2022
Contao Does Not Invalidate Existing Sessions When Password Changes Critical
CVE-2019-10641 was published for contao/contao (Composer) May 14, 2022
Silverstripe Framework SQLi Vulnerability Critical
CVE-2019-5715 was published for silverstripe/framework (Composer) May 14, 2022
baserCMS SQL Injection vulnerability Critical
CVE-2017-10842 was published for baserproject/basercms (Composer) May 14, 2022
Dolibarr SQL injection via the integer parameters qty and value_unit Critical
CVE-2018-16809 was published for dolibarr/dolibarr (Composer) May 14, 2022
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7600 was published for drupal/core (Composer) May 14, 2022
Laravel Framework Deserialization Vulnerability Critical
CVE-2019-9081 was published for laravel/framework (Composer) May 14, 2022
phpMyAdmin SQL injection in Designer feature Critical
CVE-2019-6798 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability Critical
CVE-2018-9209 was published for fineuploader/php-traditional-server (Composer) May 14, 2022
ThinkPHP SQLi Vulnerability Critical
CVE-2018-18546 was published for topthink/framework (Composer) May 14, 2022
ThinkPHP SQLi Vulnerability Critical
CVE-2018-18529 was published for topthink/framework (Composer) May 14, 2022
ThinkPHP SQLi Vulnerability Critical
CVE-2018-18530 was published for topthink/framework (Composer) May 14, 2022