GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
468 advisories
elFinder Path Traversal vulnerability (Critical): CVE-2018-9109 was published for studio-42/elfinder (Composer) on May 13, 2022
Deserialization of Untrusted Data in topthink/framework (Critical): CVE-2021-23592 was published for topthink/framework (Composer) on May 7, 2022
Incorrect Permission Assignment for Critical Resource in ShopXO (Critical): CVE-2022-28056 was published for shopxo/shopxo (Composer) on May 3, 2022
Object state limitation has no effect (Critical): GHSA-w8qp-hmh5-4v9v was published for ezsystems/ezplatform-kernel (Composer) on Apr 29, 2022
Object state limitation has no effect (Critical): GHSA-gvj8-4cj4-h776 was published for ibexa/core (Composer) on Apr 29, 2022
Object state limitation has no effect (Critical): GHSA-5x4f-7xgq-r42x was published for ezsystems/ezpublish-kernel (Composer) on Apr 29, 2022
Cross site scripting in FacturaScripts (Critical): CVE-2022-1514 was published for facturascripts/facturascripts (Composer) on Apr 29, 2022
Cross site scripting in facturascripts (Critical): CVE-2022-1457 was published for neorazorx/facturascripts (Composer) on Apr 26, 2022
ImpressPages CMS RCE (Critical): CVE-2011-4943 was published for impresspages/impresspages (Composer) on Apr 22, 2022
Drupal SQL Injection vulnerability (Critical): CVE-2011-2715 was published for drupal/core (Composer) on Apr 22, 2022
Typo3 SQL injection due to faulty prepared statements (Critical): CVE-2011-3583 was published for typo3/cms (Composer) on Apr 22, 2022
Smarty3 Arbitrary PHP Code Execution (Critical): CVE-2011-1028 was published for smarty/smarty (Composer) on Apr 22, 2022
Typo3 Authentication Bypass (Critical): CVE-2011-4628 was published for typo3/cms (Composer) on Apr 22, 2022
RCE in Studio-42 elFinder on Windows before 2.1.61 (Critical): CVE-2022-27115 was published for studio-42/elfinder (Composer) on Apr 12, 2022
Remote Code Execution in Laravel (Critical): CVE-2021-43503 was published for laravel/laravel (Composer) on Apr 9, 2022 (withdrawn)
elFinder Unrestricted File Upload vulnerability (Critical): CVE-2021-43421 was published for studio-42/elfinder (Composer) on Apr 8, 2022
Remote code injection in dompdf/dompdf (Critical): CVE-2022-28368 was published for dompdf/dompdf (Composer) on Apr 4, 2022
SQL injection in pagekit/pagekit (Critical): CVE-2021-44135 was published for pagekit/pagekit (Composer) on Apr 2, 2022
Variable Tampering within joomla/input class (Critical): CVE-2022-23799 was published for joomla/input (Composer) on Mar 31, 2022
Firebase PHP-JWT key/algorithm type confusion (Critical): CVE-2021-46743 was published for firebase/php-jwt (Composer) on Mar 30, 2022
SQL Injection in ImpressCMS (Critical): CVE-2021-26599 was published for impresscms/impresscms (Composer) on Mar 29, 2022
Type Confusion in ImpressCMS (Critical): CVE-2021-26600 was published for impresscms/impresscms (Composer) on Mar 29, 2022
Sandbox bypass in fenom (Critical): CVE-2021-46433 was published for fenom/fenom (Composer) on Mar 29, 2022
Code Injection in PHPUnit (Critical): CVE-2017-9841 was published for phpunit/phpunit (Composer) on Mar 26, 2022
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors() (Critical): CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) on Mar 26, 2022
ProTip! Advisories are also available from the GraphQL API.