GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
169 advisories
Filter by severity
Symfony Unsafe Cache Serialization Could Enable RCE
Critical
CVE-2019-18889
was published
for
symfony/cache
(Composer)
Dec 2, 2019
Object injection in cookie driver in phpfastcache
Moderate
CVE-2019-16774
was published
for
phpfastcache/phpfastcache
(Composer)
Dec 12, 2019
Potential Code Injection in Sprout Forms
Critical
CVE-2020-11056
was published
for
barrelstrength/sprout-base-email
(Composer)
May 8, 2020
Potential Remote Code Execution vulnerability
High
CVE-2020-15227
was published
for
nette/application
(Composer)
Oct 2, 2020
PHP Code Injection by malicious function name in smarty
Critical
CVE-2021-26120
was published
for
smarty/smarty
(Composer)
Feb 26, 2021
Unauthenticated remote code execution in Ignition
Critical
CVE-2021-3129
was published
for
facade/ignition
(Composer)
Mar 29, 2021
Grav's Twig processing allowing dangerous PHP functions by default
High
CVE-2021-29440
was published
for
getgrav/grav
(Composer)
Apr 16, 2021
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High
CVE-2021-29472
was published
for
composer/composer
(Composer)
Apr 29, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High
CVE-2021-34551
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Craft CMS Remote Code Injection
Critical
CVE-2021-27903
was published
for
craftcms/cms
(Composer)
Jul 2, 2021
PHP file inclusion via insert tags
Moderate
CVE-2021-37626
was published
for
contao/contao
(Composer)
Aug 23, 2021
Code injection in codiad
Critical
CVE-2019-19208
was published
for
codiad/codiad
(Composer)
Sep 1, 2021
October/System authenticated file write leads to remote code execution
High
CVE-2021-32649
was published
for
october/system
(Composer)
Jan 14, 2022
october/system arbitrary code execution
High
CVE-2021-32650
was published
for
october/system
(Composer)
Jan 14, 2022
Code Injection in microweber
High
CVE-2022-0282
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Mustache remote code injection vulnerability
High
CVE-2022-0323
was published
for
mustache/mustache
(Composer)
Jan 27, 2022
Server Side Twig Template Injection
Critical
CVE-2022-21686
was published
for
prestashop/prestashop
(Composer)
Jan 27, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical
CVE-2022-24711
was published
for
codeigniter4/framework
(Composer)
Mar 1, 2022
Code injection in dolibarr/dolibarr
High
CVE-2022-0819
was published
for
dolibarr/dolibarr
(Composer)
Mar 3, 2022
Improper Neutralization of Special Elements Used in a Template Engine in microweber
High
CVE-2022-0896
was published
for
microweber/microweber
(Composer)
Mar 10, 2022
Static Code Injection in Microweber
High
CVE-2022-0895
was published
for
microweber/microweber
(Composer)
Mar 11, 2022
Server-side Template Injection in nystudio107/craft-seomatic
High
CVE-2021-44618
was published
for
nystudio107/craft-seomatic
(Composer)
Mar 12, 2022
Code Injection in PHPUnit
Critical
CVE-2017-9841
was published
for
phpunit/phpunit
(Composer)
Mar 26, 2022
ProTip!
Advisories are also available from the
GraphQL API