GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
99 advisories
Filter by severity
URL Rewrite vulnerability in multiple zendframework components
High
GHSA-f6p5-76fp-m248
was published
for
zendframework/zend-diactoros
(Composer)
Apr 28, 2022
Exploitable inventory component chaining in PocketMine-MP
High
GHSA-8jq6-w5cg-wm45
was published
for
pocketmine/pocketmine-mp
(Composer)
Nov 11, 2020
NaN/INF in serverbound movement packets can crash clients and servers
High
GHSA-fm35-jgg3-3grx
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown
High
GHSA-5jfw-35xp-5m42
was published
for
pocketmine/bedrock-protocol
(Composer)
Apr 5, 2022
Cross-site scripting from content entered in the tags and multiselect fields
High
GHSA-rv3r-vqjj-8c76
was published
for
getkirby/cms
(Composer)
Aug 30, 2022
symfont/process typosquatting malware spoofs symfony/process
High
GHSA-g3j5-mpp2-2fqm
was published
for
symfont/process
(Composer)
Jan 26, 2023
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Unrestricted Upload of File with Dangerous Type in WPanel 4
High
CVE-2021-34257
was published
for
wpanel/wpanel4-cms
(Composer)
Apr 1, 2022
Persistent Cross-site Scripting vulnerability in PrivateBin
High
CVE-2022-24833
was published
for
privatebin/privatebin
(Composer)
Apr 12, 2022
PHP Code Injection by malicious block or filename in Smarty
High
CVE-2022-29221
was published
for
smarty/smarty
(Composer)
May 25, 2022
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
High
CVE-2022-30999
was published
for
fof/upload
(Composer)
May 25, 2022
Zip slip in Microweber
High
CVE-2020-28337
was published
for
microweber/microweber
(Composer)
Feb 10, 2022
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
Cross-site scripting vulnerability in file upload
High
CVE-2021-39136
was published
for
baserproject/basercms
(Composer)
Aug 30, 2021
Malicious password-reset in Akaunting
High
CVE-2021-36804
was published
for
akaunting/akaunting
(Composer)
Sep 1, 2021
Pterodactyl vulnerable to 2FA Sniffing
High
CVE-2019-1020002
was published
for
pterodactyl/panel
(Composer)
May 24, 2022
Microweber vulnerable to unrestricted malicious uploads
High
CVE-2022-4732
was published
for
microweber/microweber
(Composer)
Dec 27, 2022
Cross-site Scripting in HTML2PDF
High
CVE-2021-45394
was published
for
spipu/html2pdf
(Composer)
Jan 21, 2022
File upload restriction bypass in Zenario CMS
High
CVE-2022-23043
was published
for
tribalsystems/zenario
(Composer)
Feb 25, 2022
Cross Site Request Forgery in intelliants/subrion
High
CVE-2020-18326
was published
for
intelliants/subrion
(Composer)
Mar 5, 2022
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
High
CVE-2023-24814
was published
for
typo3/cms
(Composer)
Feb 8, 2023
SQL injection in ImpressCMS
High
CVE-2022-26986
was published
for
impresscms/impresscms
(Composer)
Apr 6, 2022
OS Command Injection in baserCMS
High
CVE-2021-20682
was published
for
baserproject/basercms
(Composer)
Jun 8, 2021
Archive_Tar contains Potential RCE if filename starts with phar://
High
CVE-2018-1000888
was published
for
pear/archive_tar
(Composer)
Jul 7, 2023
Feehi CMS arbitrary file upload vulnerability
High
CVE-2020-22643
was published
for
feehi/cms
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API