GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
469 advisories
SQL Injection in Funadmin
Critical: CVE-2023-24775 was published for funadmin/funadmin (Composer), Mar 7, 2023

SQL Injection in Funadmin
Critical: CVE-2023-24781 was published for funadmin/funadmin (Composer), Mar 7, 2023

Moodle SQL Injection vulnerability
Critical: CVE-2021-36392 was published for moodle/moodle (Composer), Mar 6, 2023

Moodle SQL Injection vulnerability
Critical: CVE-2021-36393 was published for moodle/moodle (Composer), Mar 6, 2023

Remote code execution in Funadmin
Critical: CVE-2023-24776 was published for funadmin/funadmin (Composer), Mar 6, 2023

Cross-site Scripting in kimai/kimai
Critical: CVE-2020-19825 was published for kimai/kimai (Composer), Feb 16, 2023

Code Injection in thorsten/phpmyfaq
Critical: CVE-2023-0788 was published for thorsten/phpmyfaq (Composer), Feb 12, 2023

Command Injection in thorsten/phpmyfaq
Critical: CVE-2023-0789 was published for thorsten/phpmyfaq (Composer), Feb 12, 2023

SQL injection in webbuilders-group silverstripe-kapost-bridge
Critical: CVE-2015-10077 was published for webbuilders-group/silverstripe-kapost-bridge (Composer), Feb 10, 2023

Deserialization of Untrusted Data in thinkphp
Critical: CVE-2022-45982 was published for topthink/think (Composer), Feb 8, 2023

URI validation failure on SVG parsing. Bypass of CVE-2023-23924
Critical: CVE-2023-24813 was published for dompdf/dompdf (Composer), Feb 7, 2023

tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function
Critical: CVE-2015-10073 was published for tinymighty/wiki-seo (Composer), Feb 6, 2023

AVideo contains Command injection when embedding a video link
Critical: CVE-2023-25313 was published for wwbn/avideo (Composer), Feb 2, 2023

Dompdf vulnerable to URI validation failure on SVG parsing
Critical: CVE-2023-23924 was published for dompdf/dompdf (Composer), Feb 1, 2023

phpmyadmin contains SQL Injection vulnerability
Critical: CVE-2020-22452 was published for phpmyadmin/phpmyadmin (Composer), Jan 26, 2023

XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type
Critical: CVE-2021-26642 was published for xpressengine/xpressengine (Composer), Jan 20, 2023

CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection
Critical: CVE-2023-22727 was published for cakephp/cakephp (Composer), Jan 20, 2023

Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Critical: CVE-2023-22731 was published for shopware/core (Composer), Jan 17, 2023

SQL Injection in liftkit/database
Critical: CVE-2016-15020 was published for liftkit/database (Composer), Jan 16, 2023

phpMyFAQ Improper Authentication vulnerability
Critical: CVE-2023-0311 was published for thorsten/phpmyfaq (Composer), Jan 16, 2023

WebPA SQL Injection vulnerability
Critical: CVE-2021-4308 was published for webpa/webpa (Composer), Jan 8, 2023

PaginationServiceProvider SQL Injection vulnerability
Critical: CVE-2014-125029 was published for ttskch/pagination-service-provider (Composer), Jan 8, 2023

kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Critical: CVE-2015-10029 was published for kelvinmo/simplexrd (Composer), Jan 7, 2023

himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Critical: CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer), Jan 6, 2023

DBRisinajumi d2files SQL Injection vulnerability
Critical: CVE-2015-10018 was published for dbrisinajumi/d2files (Composer), Jan 6, 2023