GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
149 advisories
Filter by severity
Argument injection in a MimeTypeGuesser in Symfony
High
CVE-2019-18888
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
Incorrect signature verification in SimpleSAMLphp
Moderate
CVE-2016-9955
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
SMTP Injection in PHPMailer
Low
CVE-2015-8476
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Contao Insert tag injection in forms
Moderate
CVE-2020-25768
was published
for
contao/contao
(Composer)
Sep 24, 2020
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
Form validation can be skipped
Moderate
CVE-2021-32697
was published
for
neos/form
(Composer)
Jun 22, 2021
Improper Input Validation in Centreon Web
High
CVE-2019-16405
was published
for
centreon/centreon
(Composer)
Jul 28, 2021
Manipulation of product reviews via API
Moderate
CVE-2021-37707
was published
for
shopware/core
(Composer)
Aug 30, 2021
Data Flow Sanitation Issue Fix
High
CVE-2021-32759
was published
for
openmage/magento-lts
(Composer)
Aug 30, 2021
Improper Input Validation in Firefly III
Low
CVE-2019-14671
was published
for
grumpydictator/firefly-iii
(Composer)
Sep 8, 2021
HTTP Host Header Injection
Moderate
CVE-2021-41114
was published
for
typo3/cms
(Composer)
Oct 5, 2021
Moodle vulnerable to RCE via unsafe deserialization
Critical
CVE-2021-3943
was published
for
moodle/moodle
(Composer)
Nov 23, 2021
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Moderate
CVE-2021-4117
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
High
CVE-2021-4111
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
Arbitrary PHP code execution in Drupal
Critical
CVE-2019-6339
was published
for
drupal/core
(Composer)
Jan 6, 2022
Access to restricted PHP code by dynamic static class access in smarty
High
CVE-2021-21408
was published
for
smarty/smarty
(Composer)
Jan 12, 2022
Logic error in dolibarr
Moderate
CVE-2022-0174
was published
for
dolibarr/dolibarr
(Composer)
Jan 12, 2022
Magento improper input validation vulnerability
Critical
CVE-2022-24086
was published
for
magento/community-edition
(Composer)
Feb 17, 2022
Crypt_GPG does not prevent additional options in GPG calls
Moderate
CVE-2022-24953
was published
for
pear/crypt_gpg
(Composer)
Feb 18, 2022
Improper input validation in Drupal core
High
CVE-2022-25271
was published
for
drupal/core
(Composer)
Feb 18, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical
CVE-2022-24711
was published
for
codeigniter4/framework
(Composer)
Mar 1, 2022
ProTip!
Advisories are also available from the
GraphQL API