GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
99 advisories
Filter by severity
Class destructors causing side-effects when being unserialized in TYPO3 CMS
High
CVE-2020-11066
was published
for
typo3/cms
(Composer)
May 13, 2020
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
Exploitable inventory component chaining in PocketMine-MP
High
GHSA-8jq6-w5cg-wm45
was published
for
pocketmine/pocketmine-mp
(Composer)
Nov 11, 2020
Cross-Site Scripting through Fluid view helper arguments
High
CVE-2020-26216
was published
for
typo3fluid/fluid
(Composer)
Nov 18, 2020
Unrestricted File Upload in Form Framework
High
CVE-2021-21355
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
OS Command Injection in baserCMS
High
CVE-2021-20682
was published
for
baserproject/basercms
(Composer)
Jun 8, 2021
Cross-site scripting vulnerability in file upload
High
CVE-2021-39136
was published
for
baserproject/basercms
(Composer)
Aug 30, 2021
Malicious password-reset in Akaunting
High
CVE-2021-36804
was published
for
akaunting/akaunting
(Composer)
Sep 1, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Cross-Site-Request-Forgery in Backend
High
CVE-2021-41113
was published
for
typo3/cms
(Composer)
Oct 5, 2021
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
Sandbox Escape by math function in smarty
High
CVE-2021-29454
was published
for
smarty/smarty
(Composer)
Jan 12, 2022
Cross-site Scripting in HTML2PDF
High
CVE-2021-45394
was published
for
spipu/html2pdf
(Composer)
Jan 21, 2022
Zip slip in Microweber
High
CVE-2020-28337
was published
for
microweber/microweber
(Composer)
Feb 10, 2022
ThinkPHP Remote Code Execution (RCE) vulnerability
High
CVE-2021-44892
was published
for
topthink/framework
(Composer)
Feb 11, 2022
File upload restriction bypass in Zenario CMS
High
CVE-2022-23043
was published
for
tribalsystems/zenario
(Composer)
Feb 25, 2022
Cross Site Request Forgery in intelliants/subrion
High
CVE-2020-18326
was published
for
intelliants/subrion
(Composer)
Mar 5, 2022
Unrestricted Upload of File with Dangerous Type in Croogo
High
CVE-2021-44673
was published
for
croogo/croogo
(Composer)
Mar 11, 2022
NaN/INF in serverbound movement packets can crash clients and servers
High
GHSA-fm35-jgg3-3grx
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4
High
CVE-2021-34257
was published
for
wpanel/wpanel4-cms
(Composer)
Apr 1, 2022
Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown
High
GHSA-5jfw-35xp-5m42
was published
for
pocketmine/bedrock-protocol
(Composer)
Apr 5, 2022
SQL injection in ImpressCMS
High
CVE-2022-26986
was published
for
impresscms/impresscms
(Composer)
Apr 6, 2022
Persistent Cross-site Scripting vulnerability in PrivateBin
High
CVE-2022-24833
was published
for
privatebin/privatebin
(Composer)
Apr 12, 2022
URL Rewrite vulnerability in multiple zendframework components
High
GHSA-f6p5-76fp-m248
was published
for
zendframework/zend-diactoros
(Composer)
Apr 28, 2022
ProTip!
Advisories are also available from the
GraphQL API