GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
Craft CMS Arbitrary System File Read
High
CVE-2024-52292
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
High
CVE-2024-52291
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
High
CVE-2024-52293
was published
for
craftcms/cms
(Composer)
Nov 13, 2024
Moodle has CSRF risk in Feedback non-respondents report
High
CVE-2024-43434
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
SQL injection in funadmin
High
CVE-2024-48224
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
Grav File Upload Path Traversal
High
CVE-2024-27921
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High
CVE-2021-27916
was published
for
mautic/core
(Composer)
Apr 12, 2024
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
High
CVE-2024-42485
was published
for
pxlrbt/filament-excel
(Composer)
Aug 12, 2024
Appwrite Directory Traversal vulnerability
High
CVE-2022-25377
was published
for
appwrite/server-ce
(Composer)
Feb 23, 2024
Zip slip in opencart
High
CVE-2024-21518
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
High
GHSA-hx3m-959f-v849
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
High
GHSA-x428-565f-8xj2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Path Traversal within joomla/archive tar class
High
CVE-2022-23793
was published
for
joomla/archive
(Composer)
Mar 31, 2022
Grav Vulnerable to Arbitrary File Read to Account Takeover
High
CVE-2024-34082
was published
for
getgrav/grav
(Composer)
May 15, 2024
Grav CMS Arbitrary File Deletion
High
CVE-2020-29555
was published
for
getgrav/grav
(Composer)
May 24, 2022
Contao Core directory traversal vulnerability
High
CVE-2017-10993
was published
for
contao/contao
(Composer)
May 13, 2022
EC-CUBE Directory traversal vulnerability
High
CVE-2020-5590
was published
for
ec-cube/ec-cube
(Composer)
May 24, 2022
TeamPass PHP arbitrary file include vulnerability
High
CVE-2020-12479
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2022
OpenCart Path Traversal
High
CVE-2018-11494
was published
for
opencart/opencart
(Composer)
May 14, 2022
ThinkAdmin directory traversal vulnerability
High
CVE-2020-25540
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Magento 2 Community Edition Path Traversal Vulnerability
High
CVE-2019-7859
was published
for
magento/community-edition
(Composer)
May 24, 2022
Smarty Path Traversal Vulnerability
High
CVE-2018-13982
was published
for
smarty/smarty
(Composer)
May 13, 2022
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle
High
CVE-2020-5237
was published
for
oneup/uploader-bundle
(Composer)
Feb 18, 2020
Symfony Directory Traversal
High
CVE-2017-16654
was published
for
symfony/intl
(Composer)
May 14, 2022
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
ProTip!
Advisories are also available from the
GraphQL API