GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
Argument injection in a MimeTypeGuesser in Symfony
High
CVE-2019-18888
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Improper Input Validation in Centreon Web
High
CVE-2019-16405
was published
for
centreon/centreon
(Composer)
Jul 28, 2021
Data Flow Sanitation Issue Fix
High
CVE-2021-32759
was published
for
openmage/magento-lts
(Composer)
Aug 30, 2021
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
High
CVE-2021-4111
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
Access to restricted PHP code by dynamic static class access in smarty
High
CVE-2021-21408
was published
for
smarty/smarty
(Composer)
Jan 12, 2022
Improper input validation in Drupal core
High
CVE-2022-25271
was published
for
drupal/core
(Composer)
Feb 18, 2022
NaN/INF in serverbound movement packets can crash clients and servers
High
GHSA-fm35-jgg3-3grx
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
Missing input validation can lead to command execution in composer
High
CVE-2022-24828
was published
for
composer/composer
(Composer)
Apr 22, 2022
Insufficient type validation in pocketmine/pocketmine-mp
High
GHSA-g5rr-p69h-7v3g
was published
for
pocketmine/pocketmine-mp
(Composer)
Apr 22, 2022
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
High
CVE-2009-0258
was published
for
typo3/cms
(Composer)
May 2, 2022
phpMyAdmin HTTP Response Splitting Vulnerability
High
CVE-2009-1149
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 2, 2022
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass
High
CVE-2013-4751
was published
for
symfony/symfony
(Composer)
May 5, 2022
Moodle XSS Vulnerability
High
CVE-2018-10891
was published
for
moodle/moodle
(Composer)
May 13, 2022
SimpleSAMLphp Authentication context bypass in the multiauth module
High
CVE-2017-12869
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 14, 2022
SimpleSAMLphp InfoCard module Incorrect signature verification
High
CVE-2017-12874
was published
for
simplesamlphp/simplesamlphp-module-infocard
(Composer)
May 14, 2022
phpMyAdmin DoS Vulnerability
High
CVE-2017-1000018
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
phpMyAdmin DoS Vulnerability
High
CVE-2017-1000014
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
CakePHP allows remote attackers to spoof their IP
High
CVE-2016-4793
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
Symfony Host Header Injection
High
CVE-2018-14774
was published
for
symfony/symfony
(Composer)
May 14, 2022
Moodle Portfolio script allows instantiation of class chosen by user
High
CVE-2018-1137
was published
for
moodle/moodle
(Composer)
May 14, 2022
CodeIgniter HTTP Header Injection
High
CVE-2017-1000247
was published
for
codeigniter4/framework
(Composer)
May 17, 2022
phpMyAdmin Cookie attribute injection attack
High
CVE-2017-1000016
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API