GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
460 advisories
Filter by severity
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Critical
CVE-2021-42171
was published
for
tribalsystems/zenario
(Composer)
Mar 15, 2022
Cross-site Scripting in showdoc/showdoc
Critical
CVE-2022-0960
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
DQL injection through sorting parameters blocked
Critical
CVE-2022-24752
was published
for
sylius/grid-bundle
(Composer)
Mar 15, 2022
SQL Injection in WordPress Zero Spam WordPress plugin
Critical
CVE-2022-0254
was published
for
bmarshall511/wordpress_zero_spam
(Composer)
Mar 15, 2022
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Critical
CVE-2023-22731
was published
for
shopware/core
(Composer)
Jan 17, 2023
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Critical
CVE-2023-22727
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
phpMyFAQ Improper Authentication vulnerability
Critical
CVE-2023-0311
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Critical
GHSA-m58q-qq5h-mgqq
was published
for
islandora/islandora
(Composer)
Jul 21, 2022
Login timing attack in ezsystems/ezplatform-kernel
Critical
GHSA-342c-vcff-2ff2
was published
for
ezsystems/ezplatform-kernel
(Composer)
Jun 2, 2022
Login timing attack in ibexa/core
Critical
GHSA-2x4v-g8cx-jxrq
was published
for
ibexa/core
(Composer)
Jun 2, 2022
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Critical
CVE-2019-14537
was published
for
yourls/yourls
(Composer)
Sep 23, 2019
Webcache Poisoning in shopware/platform and shopware/core
Critical
GHSA-r64m-qchj-hrjp
was published
for
shopware/core
(Composer)
Nov 24, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Critical
GHSA-qg7c-q3vq-rgxr
was published
for
shopware/core
(Composer)
Apr 13, 2021
Leak of information via Store-API
Critical
GHSA-f2vv-h5x4-57gr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
After order payment process manipulation in shopware/platform and shopware/core
Critical
GHSA-88rc-3p98-rgvx
was published
for
shopware/core
(Composer)
Apr 13, 2021
Steam Socialite Provider v1 does not correctly validate openid server
Critical
GHSA-hhw9-35p2-q2c5
was published
for
socialiteproviders/steam
(Composer)
Jan 29, 2021
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical
CVE-2019-19634
was published
for
verot/class.upload.php
(Composer)
Feb 28, 2020
Improper Input Validation in Symfony
Critical
CVE-2019-11325
was published
for
symfony/symfony
(Composer)
Feb 12, 2020
SQL injection in Centreon
Critical
CVE-2019-16194
was published
for
centreon/centreon
(Composer)
Feb 11, 2020
SQL injection in phpMyAdmin
Critical
CVE-2019-18622
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 16, 2020
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Critical
CVE-2019-10913
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
Remote code execution in verot/class.upload.php
Critical
CVE-2019-19576
was published
for
verot/class.upload.php
(Composer)
Jan 16, 2020
SQL Injection in usmanhalalit/pixie
Critical
CVE-2019-10766
was published
for
usmanhalalit/pixie
(Composer)
Nov 20, 2019
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-99r3-xmmq-7q7g
was published
for
ezsystems/ezpublish-kernel
(Composer)
Nov 10, 2022
ProTip!
Advisories are also available from the
GraphQL API