GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Steam Socialite Provider v1 does not correctly validate openid server
Critical
GHSA-hhw9-35p2-q2c5
was published
for
socialiteproviders/steam
(Composer)
Jan 29, 2021
October CMS Session ID not invalidated after logout
Critical
CVE-2021-3311
was published
for
october/rain
(Composer)
Feb 10, 2021
PHP Code Injection by malicious function name in smarty
Critical
CVE-2021-26120
was published
for
smarty/smarty
(Composer)
Feb 26, 2021
Fixes a bug in Zend Framework's Stream HTTP Wrapper
Critical
CVE-2021-21426
was published
for
openmage/magento-lts
(Composer)
Apr 22, 2021
Improper Certificate Validation in WP-CLI framework
Critical
CVE-2021-29504
was published
for
wp-cli/wp-cli
(Composer)
May 19, 2021
XSS vulnerability with translator
Critical
CVE-2021-32671
was published
for
flarum/core
(Composer)
Jun 7, 2021
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Critical
CVE-2021-32708
was published
for
league/flysystem
(Composer)
Jun 29, 2021
Dolibarr Cross-site Scripting vulnerability
Critical
CVE-2021-25955
was published
for
dolibarr/dolibarr
(Composer)
Aug 30, 2021
Cross-site Scripting in showdoc/showdoc
Critical
CVE-2022-0960
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
elFinder Unrestricted File Upload vulnerability
Critical
CVE-2021-43421
was published
for
studio-42/elfinder
(Composer)
Apr 8, 2022
Magento 2 Community Edition RCE Vulnerability
Critical
CVE-2019-8144
was published
for
magento/community-edition
(Composer)
May 24, 2022
phpMyAdmin SQL injection vulnerability
Critical
CVE-2020-26935
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
ShopXO RCE Vulnerability
Critical
CVE-2021-27817
was published
for
shopxo/shopxo
(Composer)
May 24, 2022
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type
Critical
CVE-2022-38916
was published
for
pagekit/pagekit
(Composer)
Sep 21, 2022
Dolibarr vulnerable to Eval Injection
Critical
CVE-2022-40871
was published
for
dolibarr/dolibarr
(Composer)
Oct 12, 2022
Badaso vulnerable to Remote Code Execution via malicious file upload
Critical
CVE-2022-41711
was published
for
badaso/core
(Composer)
Oct 26, 2022
Cross site scripting vulnerability with discussion titles
Critical
CVE-2022-41938
was published
for
flarum/core
(Composer)
Nov 21, 2022
PHAR deserialization allowing remote code execution
Critical
CVE-2023-28115
was published
for
knplabs/knp-snappy
(Composer)
Mar 17, 2023
baserCMS allows any file to be uploaded
Critical
CVE-2023-25655
was published
for
baserproject/basercms
(Composer)
Mar 23, 2023
Grav Server Side Template Injection (SSTI) vulnerability
Critical
CVE-2023-34251
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
php-imap vulnerable to RCE through a directory traversal vulnerability
Critical
CVE-2023-35169
was published
for
webklex/laravel-imap
(Composer)
Jun 21, 2023
PyroCMS remote code execution vulnerability
Critical
CVE-2023-29689
was published
for
pyrocms/pyrocms
(Composer)
Aug 4, 2023
Cachet vulnerable to Authenticated Remote Code Execution
Critical
CVE-2023-43661
was published
for
cachethq/cachet
(Composer)
Oct 16, 2023
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Critical
GHSA-97m3-52wr-xvv2
was published
for
phenx/php-svg-lib
(Composer)
Feb 22, 2024
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
ProTip!
Advisories are also available from the
GraphQL API