GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
460 advisories
Filter by severity
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
Critical
CVE-2022-0482
was published
for
alextselegidis/easyappointments
(Composer)
Mar 10, 2022
Server-Side Request Forgery (SSRF) in rudloff/alltube
Critical
CVE-2022-0768
was published
for
rudloff/alltube
(Composer)
Mar 1, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical
CVE-2022-24711
was published
for
codeigniter4/framework
(Composer)
Mar 1, 2022
SQL injection in francoisjacquet/rosariosis
Critical
CVE-2021-44567
was published
for
francoisjacquet/rosariosis
(Composer)
Feb 25, 2022
Arbitrary file delete in ectouch/ectouch
Critical
CVE-2022-25098
was published
for
ectouch/ectouch
(Composer)
Feb 25, 2022
Code injection in ezsystems/ezpublish-kernel
Critical
CVE-2022-25337
was published
for
ezsystems/ezpublish-kernel
(Composer)
Feb 19, 2022
Prototype Pollution in litespeed.js and appwrite/server-ce
Critical
CVE-2021-23682
was published
for
appwrite/server-ce
(Composer)
Feb 17, 2022
Magento improper input validation vulnerability
Critical
CVE-2022-24086
was published
for
magento/community-edition
(Composer)
Feb 17, 2022
Path Traversal in ImpressCMS
Critical
CVE-2022-24977
was published
for
impresscms/impresscms
(Composer)
Feb 15, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core
Critical
CVE-2020-13675
was published
for
drupal/core
(Composer)
Feb 12, 2022
SQL injection in Moodle
Critical
CVE-2022-0332
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
Server Side Twig Template Injection
Critical
CVE-2022-21686
was published
for
prestashop/prestashop
(Composer)
Jan 27, 2022
Authentication Bypass in ADOdb/ADOdb
Critical
CVE-2021-3850
was published
for
adodb/adodb-php
(Composer)
Jan 27, 2022
Arbitrary PHP code execution in Drupal
Critical
CVE-2019-6339
was published
for
drupal/core
(Composer)
Jan 6, 2022
Incorrect Authorization in latte/latte
Critical
CVE-2021-23803
was published
for
latte/latte
(Composer)
Jan 6, 2022
ThinkPHP5 SQL Injection vulnerability
Critical
CVE-2021-44350
was published
for
topthink/framework
(Composer)
Dec 17, 2021
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2021-36564
was published
for
topthink/framework
(Composer)
Dec 10, 2021
Path traversal in librenms/librenms
Critical
CVE-2021-44278
was published
for
librenms/librenms
(Composer)
Dec 10, 2021
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2021-36567
was published
for
topthink/framework
(Composer)
Dec 7, 2021
Path manipulation in matyhtf/framework
Critical
CVE-2021-43676
was published
for
matyhtf/framework
(Composer)
Dec 4, 2021
SQL Injection in rosariosis
Critical
CVE-2021-44427
was published
for
francoisjacquet/rosariosis
(Composer)
Dec 2, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Critical
CVE-2021-41243
was published
for
baserproject/basercms
(Composer)
Dec 1, 2021
Webcache Poisoning in shopware/platform and shopware/core
Critical
GHSA-r64m-qchj-hrjp
was published
for
shopware/core
(Composer)
Nov 24, 2021
Moodle vulnerable to RCE via unsafe deserialization
Critical
CVE-2021-3943
was published
for
moodle/moodle
(Composer)
Nov 23, 2021
Incorrect Access Control in Ignition
Critical
CVE-2021-43996
was published
for
facade/ignition
(Composer)
Nov 19, 2021
ProTip!
Advisories are also available from the
GraphQL API