Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

460 advisories

Loading
Authentication Bypass in ADOdb/ADOdb Critical
CVE-2021-3850 was published for adodb/adodb-php (Composer) Jan 27, 2022
meme-lord dregad
SQL injection in Moodle Critical
CVE-2022-0332 was published for moodle/moodle (Composer) Jan 28, 2022
SQL injection in Dolibarr Critical
CVE-2022-4093 was published for dolibarr/dolibarr (Composer) Nov 21, 2022
Server Side Twig Template Injection Critical
CVE-2022-21686 was published for prestashop/prestashop (Composer) Jan 27, 2022
Brum3ns
Path Traversal in ImpressCMS Critical
CVE-2022-24977 was published for impresscms/impresscms (Composer) Feb 15, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
Code injection in ezsystems/ezpublish-kernel Critical
CVE-2022-25337 was published for ezsystems/ezpublish-kernel (Composer) Feb 19, 2022
SQL injection in francoisjacquet/rosariosis Critical
CVE-2021-44567 was published for francoisjacquet/rosariosis (Composer) Feb 25, 2022
Prototype Pollution in litespeed.js and appwrite/server-ce Critical
CVE-2021-23682 was published for appwrite/server-ce (Composer) Feb 17, 2022
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments Critical
CVE-2022-0482 was published for alextselegidis/easyappointments (Composer) Mar 10, 2022
Arbitrary file delete in ectouch/ectouch Critical
CVE-2022-25098 was published for ectouch/ectouch (Composer) Feb 25, 2022
TYPO3 vulnerable to Insufficient Session Expiration Critical
CVE-2022-47406 was published for derhansen/fe_change_pwd (Composer) Dec 14, 2022
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2021-26642 was published for xpressengine/xpressengine (Composer) Jan 20, 2023
Deserialization of Untrusted Data in thinkphp Critical
CVE-2022-45982 was published for topthink/think (Composer) Feb 8, 2023
Firebase PHP-JWT key/algorithm type confusion Critical
CVE-2021-46743 was published for firebase/php-jwt (Composer) Mar 30, 2022
llupa
Cross-site Scripting in kimai/kimai Critical
CVE-2020-19825 was published for kimai/kimai (Composer) Feb 16, 2023
Command Injection in thorsten/phpmyfaq Critical
CVE-2023-0789 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Code Injection in thorsten/phpmyfaq Critical
CVE-2023-0788 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
URI validation failure on SVG parsing. Bypass of CVE-2023-23924 Critical
CVE-2023-24813 was published for dompdf/dompdf (Composer) Feb 7, 2023
Ry0taK
Moodle SQL Injection vulnerability Critical
CVE-2021-36393 was published for moodle/moodle (Composer) Mar 6, 2023
Moodle SQL Injection vulnerability Critical
CVE-2021-36392 was published for moodle/moodle (Composer) Mar 6, 2023
Easy!Appointments uses hard-coded credentials Critical
CVE-2023-1269 was published for alextselegidis/easyappointments (Composer) Mar 8, 2023
SQL Injection in Funadmin Critical
CVE-2023-24780 was published for funadmin/funadmin (Composer) Mar 8, 2023
SQL Injection in Funadmin Critical
CVE-2023-24777 was published for funadmin/funadmin (Composer) Mar 9, 2023
SQL Injection in Funadmin Critical
CVE-2023-24773 was published for funadmin/funadmin (Composer) Mar 8, 2023
ProTip! Advisories are also available from the GraphQL API