Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

460 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor Critical
CVE-2021-32711 was published for shopware/platform (Composer) Sep 8, 2021
Unrestricted File Upload in ShowDoc v2.9.5 Critical
CVE-2021-36440 was published for showdoc/showdoc (Composer) Sep 9, 2021
Improper Access Control in Webauthn Framework Critical
CVE-2021-38299 was published for web-auth/webauthn-framework (Composer) Sep 29, 2021
Directory Traversal in typo3/phar-stream-wrapper Critical
CVE-2019-11831 was published for drupal/core (Composer) Sep 30, 2021
SQL Injection in topthink/thinkphp Critical
CVE-2020-20120 was published for topthink/thinkphp (Composer) Sep 30, 2021
Critical severity vulnerability in Ignition Critical
CVE-2020-13909 was published for facade/ignition (Composer) Oct 12, 2021
SQL Injection in medoo Critical
CVE-2019-10762 was published for catfan/medoo (Composer) Oct 12, 2021
Showdoc File Upload Vulnerability Critical
CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021
XML External Entity vulnerability in MODX CMS Critical
CVE-2020-25911 was published for modx/revolution (Composer) Nov 1, 2021
DBAL 3 SQL Injection Security Vulnerability Critical
CVE-2021-43608 was published for doctrine/dbal (Composer) Nov 16, 2021
Incorrect Access Control in Ignition Critical
CVE-2021-43996 was published for facade/ignition (Composer) Nov 19, 2021
Moodle vulnerable to RCE via unsafe deserialization Critical
CVE-2021-3943 was published for moodle/moodle (Composer) Nov 23, 2021
Webcache Poisoning in shopware/platform and shopware/core Critical
GHSA-r64m-qchj-hrjp was published for shopware/core (Composer) Nov 24, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS Critical
CVE-2021-41243 was published for baserproject/basercms (Composer) Dec 1, 2021
SQL Injection in rosariosis Critical
CVE-2021-44427 was published for francoisjacquet/rosariosis (Composer) Dec 2, 2021
Path manipulation in matyhtf/framework Critical
CVE-2021-43676 was published for matyhtf/framework (Composer) Dec 4, 2021
Rudloff
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36567 was published for topthink/framework (Composer) Dec 7, 2021
jhutchings1
Path traversal in librenms/librenms Critical
CVE-2021-44278 was published for librenms/librenms (Composer) Dec 10, 2021
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36564 was published for topthink/framework (Composer) Dec 10, 2021
ThinkPHP5 SQL Injection vulnerability Critical
CVE-2021-44350 was published for topthink/framework (Composer) Dec 17, 2021
Incorrect Authorization in latte/latte Critical
CVE-2021-23803 was published for latte/latte (Composer) Jan 6, 2022
Arbitrary PHP code execution in Drupal Critical
CVE-2019-6339 was published for drupal/core (Composer) Jan 6, 2022
Authentication Bypass in ADOdb/ADOdb Critical
CVE-2021-3850 was published for adodb/adodb-php (Composer) Jan 27, 2022
meme-lord dregad
Server Side Twig Template Injection Critical
CVE-2022-21686 was published for prestashop/prestashop (Composer) Jan 27, 2022
Brum3ns
SQL injection in Moodle Critical
CVE-2022-0332 was published for moodle/moodle (Composer) Jan 28, 2022
ProTip! Advisories are also available from the GraphQL API