Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,109 advisories

Loading
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas
raspap-webgui vulnerable to denial of service High
CVE-2024-28754 was published for billz/raspap-webgui (Composer) Mar 9, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments High
CVE-2024-34002 was published for moodle/moodle (Composer) May 31, 2024
YesWiki Uses a Broken or Risky Cryptographic Algorithm High
CVE-2024-51478 was published for yeswiki/yeswiki (Composer) Oct 31, 2024
Nishacid
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
SQL injection in funadmin High
CVE-2024-48230 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48226 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48225 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48224 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48223 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48222 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48218 was published for funadmin/funadmin (Composer) Oct 25, 2024
ThinkPHP deserialization vulnerability High
CVE-2024-48112 was published for topthink/thinkphp (Composer) Oct 30, 2024
MediaWiki Denial of Service vulnerability High
CVE-2023-45363 was published for mediawiki/core (Composer) Oct 9, 2023
Rudloff
Drupal has open redirect vulnerability in the Overlay module High
CVE-2013-6389 was published for drupal/drupal (Composer) May 17, 2022
Rudloff
phpBB 3.0.7 allows remote attackers to bypass intended access restrictions High
CVE-2010-1627 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
phpBB vulnerability related to use of "forum id" in circumstances related to a "global announcement." High
CVE-2010-1630 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
phpBB vulnerable to sensitive information disclosure High
CVE-2008-6507 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
Logic flaw in Funadmin High
CVE-2024-48227 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48229 was published for funadmin/funadmin (Composer) Oct 25, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
SQL injection in funadmin High
CVE-2024-48231 was published for funadmin/funadmin (Composer) Oct 21, 2024
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database