GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-jjx7-8462-w4m4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Moodle PostScript Code Injection
Critical
CVE-2022-35649
was published
for
moodle/moodle
(Composer)
Jul 26, 2022
sr_freecap for Typo3 RCE Vulnerability
Critical
CVE-2019-16699
was published
for
sjbr/sr-freecap
(Composer)
May 24, 2022
Shopware RCE Vulnerability
Critical
CVE-2016-3109
was published
for
shopware/shopware
(Composer)
May 14, 2022
Elefant CMS Improper Input Validation
Critical
CVE-2018-15601
was published
for
elefant/cms
(Composer)
May 14, 2022
Drupal Core Remote Code Execution Vulnerability
Critical
CVE-2018-7600
was published
for
drupal/core
(Composer)
May 14, 2022
Codiad remote code execution vulnerability
Critical
CVE-2018-14009
was published
for
codiad/codiad
(Composer)
May 13, 2022
Smarty3 Arbitrary PHP Code Execution
Critical
CVE-2011-1028
was published
for
smarty/smarty
(Composer)
Apr 22, 2022
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Critical
CVE-2020-13756
was published
for
sabberworm/php-css-parser
(Composer)
Mar 26, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical
CVE-2022-24711
was published
for
codeigniter4/framework
(Composer)
Mar 1, 2022
Magento improper input validation vulnerability
Critical
CVE-2022-24086
was published
for
magento/community-edition
(Composer)
Feb 17, 2022
Arbitrary PHP code execution in Drupal
Critical
CVE-2019-6339
was published
for
drupal/core
(Composer)
Jan 6, 2022
Moodle vulnerable to RCE via unsafe deserialization
Critical
CVE-2021-3943
was published
for
moodle/moodle
(Composer)
Nov 23, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API