GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Remote code execution via vulnerable Symphony dependecy injection
Critical
CVE-2019-8135
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Potential Code Injection in Sprout Forms
Critical
CVE-2020-11056
was published
for
barrelstrength/sprout-base-email
(Composer)
May 8, 2020
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Craft CMS Remote Code Injection
Critical
CVE-2021-27903
was published
for
craftcms/cms
(Composer)
Jul 2, 2021
Code injection in topthink/think
Critical
CVE-2020-17952
was published
for
topthink/think
(Composer)
Aug 9, 2021
Code injection in ezsystems/ezpublish-kernel
Critical
CVE-2022-25337
was published
for
ezsystems/ezpublish-kernel
(Composer)
Feb 19, 2022
Codiad remote code execution vulnerability
Critical
CVE-2018-14009
was published
for
codiad/codiad
(Composer)
May 13, 2022
CodeIgniter arbitrary code execution
Critical
CVE-2016-10131
was published
for
codeigniter4/framework
(Composer)
May 17, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
LibreNMS Information Disclosure
Critical
CVE-2019-10665
was published
for
librenms/librenms
(Composer)
May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection
Critical
CVE-2020-9757
was published
for
nystudio107/craft-seomatic
(Composer)
May 24, 2022
Fat-Free Framework arbitrary code execution
Critical
CVE-2020-5203
was published
for
bcosca/fatfree
(Composer)
May 24, 2022
Cachet vulnerable to Authenticated Remote Code Execution
Critical
CVE-2023-43661
was published
for
cachethq/cachet
(Composer)
Oct 16, 2023
Shopware Remote Code Execution Vulnerability
Critical
GHSA-q3g4-2vw9-xv27
was published
for
shopware/shopware
(Composer)
May 21, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-7336-ghhp-f2qj
was published
for
shopware/shopware
(Composer)
May 21, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Critical
GHSA-cc97-g92w-jm65
was published
for
typo3/cms-core
(Composer)
May 30, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical
GHSA-x86x-qhf8-f37w
was published
for
willdurand/js-translation-bundle
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API