GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
52 advisories
Filter by severity
NaN/INF in serverbound movement packets can crash clients and servers
High
GHSA-fm35-jgg3-3grx
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
Insufficient type validation in pocketmine/pocketmine-mp
High
GHSA-g5rr-p69h-7v3g
was published
for
pocketmine/pocketmine-mp
(Composer)
Apr 22, 2022
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
High
CVE-2021-4111
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
High
CVE-2010-4335
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
Improper Input Validation in Centreon Web
High
CVE-2019-16405
was published
for
centreon/centreon
(Composer)
Jul 28, 2021
Data Flow Sanitation Issue Fix
High
CVE-2021-32759
was published
for
openmage/magento-lts
(Composer)
Aug 30, 2021
Improper input validation in Drupal core
High
CVE-2022-25271
was published
for
drupal/core
(Composer)
Feb 18, 2022
Browsershot does not validate URL protocols passed to Browsershot URL method
High
CVE-2022-41706
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
CakePHP allows remote attackers to spoof their IP
High
CVE-2016-4793
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
Typo3 Vulnerable to Cache Poisoning
High
CVE-2014-9509
was published
for
typo3/cms
(Composer)
May 17, 2022
Moodle vulnerable to RCE
High
CVE-2020-10738
was published
for
moodle/moodle
(Composer)
May 24, 2022
phpMyAdmin DoS Vulnerability
High
CVE-2017-1000014
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
phpMyAdmin DoS Vulnerability
High
CVE-2017-1000018
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Moodle XSS Vulnerability
High
CVE-2018-10891
was published
for
moodle/moodle
(Composer)
May 13, 2022
Symfony Host Header Injection
High
CVE-2018-14774
was published
for
symfony/symfony
(Composer)
May 14, 2022
phpMyAdmin DoS Vulnerability
High
CVE-2016-9863
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
HTTP Multiline Header Termination
High
CVE-2023-29530
was published
for
laminas/laminas-diactoros
(Composer)
Apr 24, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters
High
CVE-2023-34448
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Improper input validation in Drupal core
High
CVE-2022-25273
was published
for
drupal/core
(Composer)
Apr 26, 2023
Dolibarr Improper Input Validation vulnerability
High
CVE-2023-4197
was published
for
dolibarr/dolibarr
(Composer)
Nov 1, 2023
OpenCart Path Traversal vulnerability
High
CVE-2023-2315
was published
for
opencart/opencart
(Composer)
Sep 27, 2023
Froxlor username/surname AND company field Bypass
High
CVE-2023-50256
was published
for
froxlor/froxlor
(Composer)
Jan 4, 2024
PrestaShop some attribute not escaped in Validate::isCleanHTML method
High
CVE-2024-21627
was published
for
prestashop/prestashop
(Composer)
Jan 3, 2024
Magento arbitrary PHP code execution via the productData parameter
High
CVE-2015-6497
was published
for
magento/core
(Composer)
May 24, 2022
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
High
CVE-2009-0258
was published
for
typo3/cms
(Composer)
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API