GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
149 advisories
Filter by severity
SMTP Injection in PHPMailer
Low
CVE-2015-8476
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
NaN/INF in serverbound movement packets can crash clients and servers
High
GHSA-fm35-jgg3-3grx
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
Insufficient type validation in pocketmine/pocketmine-mp
High
GHSA-g5rr-p69h-7v3g
was published
for
pocketmine/pocketmine-mp
(Composer)
Apr 22, 2022
Shopware has Improper Input Validation issue in newsletter subscription
Moderate
CVE-2023-22734
was published
for
shopware/core
(Composer)
Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Moderate
CVE-2023-22730
was published
for
shopware/core
(Composer)
Jan 17, 2023
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Moderate
CVE-2022-36032
was published
for
react/http
(Composer)
Sep 16, 2022
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Moderate
CVE-2021-4117
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
High
CVE-2021-4111
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
High
CVE-2010-4335
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
Improper Input Validation in Firefly III
Low
CVE-2019-14671
was published
for
grumpydictator/firefly-iii
(Composer)
Sep 8, 2021
Improper Input Validation in Centreon Web
High
CVE-2019-16405
was published
for
centreon/centreon
(Composer)
Jul 28, 2021
Data Flow Sanitation Issue Fix
High
CVE-2021-32759
was published
for
openmage/magento-lts
(Composer)
Aug 30, 2021
Manipulation of product reviews via API
Moderate
CVE-2021-37707
was published
for
shopware/core
(Composer)
Aug 30, 2021
Improper input validation in Drupal core
High
CVE-2022-25271
was published
for
drupal/core
(Composer)
Feb 18, 2022
Crypt_GPG does not prevent additional options in GPG calls
Moderate
CVE-2022-24953
was published
for
pear/crypt_gpg
(Composer)
Feb 18, 2022
Moodle Improper Input Validation vulnerability
Moderate
CVE-2021-36402
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Browsershot does not validate URL protocols passed to Browsershot URL method
High
CVE-2022-41706
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
Firefly III vulnerable to improper input validation
Moderate
CVE-2023-1789
was published
for
grumpydictator/firefly-iii
(Composer)
Apr 1, 2023
phpMyFAQ vulnerable to improper input validation
Moderate
CVE-2023-1754
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Browsershot version 3.57.3 vulnerable to improper input validation
Moderate
CVE-2022-43984
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
CakePHP allows remote attackers to spoof their IP
High
CVE-2016-4793
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
XMPP Clients User Impersonation Vulnerability in Movim Moxl
Moderate
CVE-2017-5605
was published
for
movim/moxl
(Composer)
May 17, 2022
Moodle vulnerable to RCE via unsafe deserialization
Critical
CVE-2021-3943
was published
for
moodle/moodle
(Composer)
Nov 23, 2021
Logic error in dolibarr
Moderate
CVE-2022-0174
was published
for
dolibarr/dolibarr
(Composer)
Jan 12, 2022
ProTip!
Advisories are also available from the
GraphQL API