GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,968 advisories
Filter by severity
Internal exception message exposure for login action in Sylius
Low
CVE-2019-16768
was published
for
sylius/sylius
(Composer)
Dec 5, 2019
Local file disclosure in PHPMailer
Moderate
CVE-2017-5223
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical
CVE-2019-19634
was published
for
verot/class.upload.php
(Composer)
Feb 28, 2020
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
Sanitizer bypass in svg-sanitizer
Moderate
CVE-2019-10772
was published
for
enshrined/svg-sanitize
(Composer)
Feb 27, 2020
Improper Input Validation in Symfony
Critical
CVE-2019-11325
was published
for
symfony/symfony
(Composer)
Feb 12, 2020
Use of insecure jQuery version in OctoberCMS
Moderate
GHSA-v73w-r9xg-7cr9
was published
for
october/october
(Composer)
Jun 5, 2020
Remote Code Execution Through Image Uploads in BookStack
High
CVE-2020-5256
was published
for
ssddanbrown/bookstack
(Composer)
Mar 13, 2020
Cross-site scripting in PHPMailer
Moderate
CVE-2017-11503
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate
CVE-2020-11094
was published
for
rainlab/debugbar-plugin
(Composer)
Jun 3, 2020
SMTP Injection in PHPMailer
Low
CVE-2015-8476
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
SQL injection in Centreon
Critical
CVE-2019-16194
was published
for
centreon/centreon
(Composer)
Feb 11, 2020
Cross-Site Scripting in BookStack
Moderate
CVE-2020-11055
was published
for
ssddanbrown/bookstack
(Composer)
May 7, 2020
Ability to switch channels via GET parameter enabled in production environments
Low
CVE-2020-5218
was published
for
sylius/sylius
(Composer)
Jan 31, 2020
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
High
GHSA-f884-gm86-cg3q
was published
for
prestashop/ps_facetedsearch
(Composer)
Jan 7, 2020
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
High
GHSA-769f-539v-f5jg
was published
for
prestashop/gamification
(Composer)
Jan 8, 2020
SQL injection in phpMyAdmin
Critical
CVE-2019-18622
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 16, 2020
Persistent XSS vulnerability in filename of attached file in PrivateBin
Moderate
CVE-2020-5223
was published
for
privatebin/privatebin
(Composer)
Jan 14, 2020
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Critical
CVE-2019-10913
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
Data leakage via SQL Injection in Pimcore
Moderate
CVE-2019-10763
was published
for
pimcore/pimcore
(Composer)
Dec 2, 2019
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes
High
CVE-2019-18857
was published
for
enshrined/svg-sanitize
(Composer)
Jan 8, 2020
Timing attacks might allow practical recovery of the long-term private key
High
CVE-2019-10764
was published
for
simplito/elliptic-php
(Composer)
Nov 20, 2019
Log injection in SimpleSAMLphp
Low
CVE-2020-5225
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
ProTip!
Advisories are also available from the
GraphQL API