GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
468 advisories
Filter by severity
Path Traversal in Studio-42 elFinder through 2.1.60
Critical
CVE-2022-26960
was published
for
studio-42/elfinder
(Composer)
Mar 22, 2022
Remote Code Execution in Contao Managed Edition
Critical
CVE-2022-26265
was published
for
contao/managed-edition
(Composer)
Mar 20, 2022
Improper Privilege Management in Open Web Analytics
Critical
CVE-2022-24637
was published
for
open-web-analytics/open-web-analytics
(Composer)
Mar 19, 2022
SQL Injection in tribalsystems/zenario
Critical
CVE-2021-26830
was published
for
tribalsystems/zenario
(Composer)
Mar 18, 2022
DQL injection through sorting parameters blocked
Critical
CVE-2022-24752
was published
for
sylius/grid-bundle
(Composer)
Mar 15, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Critical
CVE-2021-42171
was published
for
tribalsystems/zenario
(Composer)
Mar 15, 2022
SQL Injection in WordPress Zero Spam WordPress plugin
Critical
CVE-2022-0254
was published
for
bmarshall511/wordpress_zero_spam
(Composer)
Mar 15, 2022
Cross-site Scripting in showdoc/showdoc
Critical
CVE-2022-0960
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
Critical
CVE-2022-0482
was published
for
alextselegidis/easyappointments
(Composer)
Mar 10, 2022
Server-Side Request Forgery (SSRF) in rudloff/alltube
Critical
CVE-2022-0768
was published
for
rudloff/alltube
(Composer)
Mar 1, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical
CVE-2022-24711
was published
for
codeigniter4/framework
(Composer)
Mar 1, 2022
SQL injection in francoisjacquet/rosariosis
Critical
CVE-2021-44567
was published
for
francoisjacquet/rosariosis
(Composer)
Feb 25, 2022
Arbitrary file delete in ectouch/ectouch
Critical
CVE-2022-25098
was published
for
ectouch/ectouch
(Composer)
Feb 25, 2022
Code injection in ezsystems/ezpublish-kernel
Critical
CVE-2022-25337
was published
for
ezsystems/ezpublish-kernel
(Composer)
Feb 19, 2022
Prototype Pollution in litespeed.js and appwrite/server-ce
Critical
CVE-2021-23682
was published
for
appwrite/server-ce
(Composer)
Feb 17, 2022
Magento improper input validation vulnerability
Critical
CVE-2022-24086
was published
for
magento/community-edition
(Composer)
Feb 17, 2022
Path Traversal in ImpressCMS
Critical
CVE-2022-24977
was published
for
impresscms/impresscms
(Composer)
Feb 15, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core
Critical
CVE-2020-13675
was published
for
drupal/core
(Composer)
Feb 12, 2022
SQL injection in Moodle
Critical
CVE-2022-0332
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
Server Side Twig Template Injection
Critical
CVE-2022-21686
was published
for
prestashop/prestashop
(Composer)
Jan 27, 2022
Authentication Bypass in ADOdb/ADOdb
Critical
CVE-2021-3850
was published
for
adodb/adodb-php
(Composer)
Jan 27, 2022
Arbitrary PHP code execution in Drupal
Critical
CVE-2019-6339
was published
for
drupal/core
(Composer)
Jan 6, 2022
Incorrect Authorization in latte/latte
Critical
CVE-2021-23803
was published
for
latte/latte
(Composer)
Jan 6, 2022
ThinkPHP5 SQL Injection vulnerability
Critical
CVE-2021-44350
was published
for
topthink/framework
(Composer)
Dec 17, 2021
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2021-36564
was published
for
topthink/framework
(Composer)
Dec 10, 2021
ProTip!
Advisories are also available from the
GraphQL API