GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
460 advisories
Filter by severity
Badaso vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-41705
was published
for
badaso/core
(Composer)
Nov 25, 2022
Cross site scripting vulnerability with discussion titles
Critical
CVE-2022-41938
was published
for
flarum/core
(Composer)
Nov 21, 2022
SQL injection in Dolibarr
Critical
CVE-2022-4093
was published
for
dolibarr/dolibarr
(Composer)
Nov 21, 2022
Insufficient Session Expiration in librenms/librenms
Critical
CVE-2022-4070
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
Dolibarr vulnerable to privilege escalation
Critical
CVE-2022-43138
was published
for
dolibarr/dolibarr
(Composer)
Nov 17, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-99r3-xmmq-7q7g
was published
for
ezsystems/ezpublish-kernel
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-8h83-chh2-fchp
was published
for
ezsystems/ezplatform-kernel
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-446q-xxg5-3vhh
was published
for
ezsystems/repository-forms
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-pcpm-vc4v-cmvx
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user
Critical
GHSA-g6jc-xrc3-4wwq
was published
for
ibexa/admin-ui
(Composer)
Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user
Critical
GHSA-394j-x37r-2q27
was published
for
ibexa/core
(Composer)
Nov 10, 2022
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical
GHSA-7644-cxp8-h23r
was published
for
ibexa/admin-ui
(Composer)
Nov 10, 2022
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Critical
GHSA-58h5-h554-429q
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Nov 10, 2022
GraphQL queries can expose password hashes
Critical
GHSA-3p7g-wrgg-wq45
was published
for
ibexa/graphql
(Composer)
Nov 10, 2022
Centreon vulnerable to SQL Injection
Critical
CVE-2022-3827
was published
for
centreon/centreon
(Composer)
Nov 2, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical
CVE-2022-3771
was published
for
noumo/easyii
(Composer)
Oct 31, 2022
phpMyFAQ contains Weak Password Requirements
Critical
CVE-2022-3754
was published
for
thorsten/phpmyfaq
(Composer)
Oct 29, 2022
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Critical
CVE-2022-39365
was published
for
pimcore/pimcore
(Composer)
Oct 29, 2022
Badaso vulnerable to Remote Code Execution via malicious file upload
Critical
CVE-2022-41711
was published
for
badaso/core
(Composer)
Oct 26, 2022
Dolibarr vulnerable to Eval Injection
Critical
CVE-2022-40871
was published
for
dolibarr/dolibarr
(Composer)
Oct 12, 2022
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Critical
CVE-2018-17057
was published
for
fooman/tcpdf
(Composer)
Oct 6, 2022
Moodle remote code execution
Critical
CVE-2022-40314
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Moodle Minor SQL injection risk in admin user browsing
Critical
CVE-2022-40315
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type
Critical
CVE-2022-38916
was published
for
pagekit/pagekit
(Composer)
Sep 21, 2022
ThinkPHP deserialization vulnerability
Critical
CVE-2022-38352
was published
for
topthink/framework
(Composer)
Sep 16, 2022
ProTip!
Advisories are also available from the
GraphQL API