GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
99 advisories
Filter by severity
Potential Remote Code Execution vulnerability
High
CVE-2020-15227
was published
for
nette/application
(Composer)
Oct 2, 2020
Grav's Twig processing allowing dangerous PHP functions by default
High
CVE-2021-29440
was published
for
getgrav/grav
(Composer)
Apr 16, 2021
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High
CVE-2021-29472
was published
for
composer/composer
(Composer)
Apr 29, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High
CVE-2021-34551
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
October/System authenticated file write leads to remote code execution
High
CVE-2021-32649
was published
for
october/system
(Composer)
Jan 14, 2022
october/system arbitrary code execution
High
CVE-2021-32650
was published
for
october/system
(Composer)
Jan 14, 2022
Code Injection in microweber
High
CVE-2022-0282
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Mustache remote code injection vulnerability
High
CVE-2022-0323
was published
for
mustache/mustache
(Composer)
Jan 27, 2022
Code injection in dolibarr/dolibarr
High
CVE-2022-0819
was published
for
dolibarr/dolibarr
(Composer)
Mar 3, 2022
Improper Neutralization of Special Elements Used in a Template Engine in microweber
High
CVE-2022-0896
was published
for
microweber/microweber
(Composer)
Mar 10, 2022
Static Code Injection in Microweber
High
CVE-2022-0895
was published
for
microweber/microweber
(Composer)
Mar 11, 2022
Server-side Template Injection in nystudio107/craft-seomatic
High
CVE-2021-44618
was published
for
nystudio107/craft-seomatic
(Composer)
Mar 12, 2022
Missing input validation can lead to command execution in composer
High
CVE-2022-24828
was published
for
composer/composer
(Composer)
Apr 22, 2022
TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name
High
CVE-2009-3631
was published
for
typo3/cms-backend
(Composer)
May 2, 2022
Moodle vulnerable to PHP object injection attacks
High
CVE-2014-3541
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle calculated question type allows remote code execution by Question authors
High
CVE-2018-1133
was published
for
moodle/moodle
(Composer)
May 13, 2022
SEOmatic plugin for Craft CMS SSTI Vulnerability
High
CVE-2018-14716
was published
for
nystudio107/craft-seomatic
(Composer)
May 13, 2022
Moodle XML import of ddwtos could lead to intentional remote code execution
High
CVE-2018-14630
was published
for
moodle/moodle
(Composer)
May 13, 2022
MAGMI plugin for Magento Unsafe File Upload
High
CVE-2014-8770
was published
for
dweeves/magmi
(Composer)
May 14, 2022
Code Injection in baserCMS
High
CVE-2017-10844
was published
for
baserproject/basercms
(Composer)
May 14, 2022
PrestaShop PHP Object Injection
High
CVE-2018-20717
was published
for
prestashop/prestashop
(Composer)
May 14, 2022
PHPMailer susceptible to arbitrary code execution
High
CVE-2008-5619
was published
for
phpmailer/phpmailer
(Composer)
May 14, 2022
phpMyAdmin vulnerable to static code injection
High
CVE-2011-2506
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API