GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

460 advisories

Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
Path Traversal in ImpressCMS Critical
CVE-2022-24977 was published for impresscms/impresscms (Composer) Feb 15, 2022
Magento improper input validation vulnerability Critical
CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022
Prototype Pollution in litespeed.js and appwrite/server-ce Critical
CVE-2021-23682 was published for appwrite/server-ce (Composer) Feb 17, 2022
Code injection in ezsystems/ezpublish-kernel Critical
CVE-2022-25337 was published for ezsystems/ezpublish-kernel (Composer) Feb 19, 2022
Arbitrary file delete in ectouch/ectouch Critical
CVE-2022-25098 was published for ectouch/ectouch (Composer) Feb 25, 2022
SQL injection in francoisjacquet/rosariosis Critical
CVE-2021-44567 was published for francoisjacquet/rosariosis (Composer) Feb 25, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4 Critical
CVE-2022-24711 was published for codeigniter4/framework (Composer) Mar 1, 2022
iRedds
Server-Side Request Forgery (SSRF) in rudloff/alltube Critical
CVE-2022-0768 was published for rudloff/alltube (Composer) Mar 1, 2022
416e6e61
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments Critical
CVE-2022-0482 was published for alextselegidis/easyappointments (Composer) Mar 10, 2022
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
SQL Injection in WordPress Zero Spam WordPress plugin Critical
CVE-2022-0254 was published for bmarshall511/wordpress_zero_spam (Composer) Mar 15, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS Critical
CVE-2021-42171 was published for tribalsystems/zenario (Composer) Mar 15, 2022
DQL injection through sorting parameters blocked Critical
CVE-2022-24752 was published for sylius/grid-bundle (Composer) Mar 15, 2022
dbalabka
SQL Injection in tribalsystems/zenario Critical
CVE-2021-26830 was published for tribalsystems/zenario (Composer) Mar 18, 2022
Improper Privilege Management in Open Web Analytics Critical
CVE-2022-24637 was published for open-web-analytics/open-web-analytics (Composer) Mar 19, 2022
Remote Code Execution in Contao Managed Edition Critical
CVE-2022-26265 was published for contao/managed-edition (Composer) Mar 20, 2022
Path Traversal in Studio-42 elFinder through 2.1.60 Critical
CVE-2022-26960 was published for studio-42/elfinder (Composer) Mar 22, 2022
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors() Critical
CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) Mar 26, 2022
Code Injection in PHPUnit Critical
CVE-2017-9841 was published for phpunit/phpunit (Composer) Mar 26, 2022
donatj
Sandbox bypass in fenom Critical
CVE-2021-46433 was published for fenom/fenom (Composer) Mar 29, 2022
SQL Injection in ImpressCMS Critical
CVE-2021-26599 was published for impresscms/impresscms (Composer) Mar 29, 2022
Type Confusion in ImpressCMS Critical
CVE-2021-26600 was published for impresscms/impresscms (Composer) Mar 29, 2022
Firebase PHP-JWT key/algorithm type confusion Critical
CVE-2021-46743 was published for firebase/php-jwt (Composer) Mar 30, 2022
llupa
Variable Tampering within joomla/input class Critical
CVE-2022-23799 was published for joomla/input (Composer) Mar 31, 2022