GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
169 advisories
Filter by severity
Object injection in cookie driver in phpfastcache
Moderate
CVE-2019-16774
was published
for
phpfastcache/phpfastcache
(Composer)
Dec 12, 2019
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Moderate
GHSA-7vcx-v65q-9wpg
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Jan 11, 2023
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Critical
CVE-2023-22731
was published
for
shopware/core
(Composer)
Jan 17, 2023
Server-side Template Injection in nystudio107/craft-seomatic
High
CVE-2021-44618
was published
for
nystudio107/craft-seomatic
(Composer)
Mar 12, 2022
Static Code Injection in Microweber
High
CVE-2022-0895
was published
for
microweber/microweber
(Composer)
Mar 11, 2022
PHPMailer susceptible to arbitrary code execution
High
CVE-2008-5619
was published
for
phpmailer/phpmailer
(Composer)
May 14, 2022
PHP Code Injection by malicious block or filename in Smarty
High
CVE-2022-29221
was published
for
smarty/smarty
(Composer)
May 25, 2022
Code Injection in SEOmatic
Critical
CVE-2021-41749
was published
for
nystudio107/craft-seomatic
(Composer)
Jun 13, 2022
Code injection in Elefant CMS
High
CVE-2017-20064
was published
for
elefant/cms
(Composer)
Jun 21, 2022
Badaso vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-41705
was published
for
badaso/core
(Composer)
Nov 25, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution
High
CVE-2022-46157
was published
for
akeneo/pim-community-dev
(Composer)
Dec 9, 2022
Grav's Twig processing allowing dangerous PHP functions by default
High
CVE-2021-29440
was published
for
getgrav/grav
(Composer)
Apr 16, 2021
October CMS Safe Mode bypass leads to authenticated Remote Code Execution
High
CVE-2022-35944
was published
for
october/system
(Composer)
Oct 13, 2022
Froxlor vulnerable to code injection
Moderate
CVE-2022-3869
was published
for
froxlor/froxlor
(Composer)
Nov 5, 2022
October/System authenticated file write leads to remote code execution
High
CVE-2021-32649
was published
for
october/system
(Composer)
Jan 14, 2022
october/system arbitrary code execution
High
CVE-2021-32650
was published
for
october/system
(Composer)
Jan 14, 2022
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Critical
CVE-2022-39365
was published
for
pimcore/pimcore
(Composer)
Oct 29, 2022
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
High
CVE-2022-23503
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Command injection in yiisoft/yii2-gii
High
CVE-2020-36655
was published
for
yiisoft/yii2-gii
(Composer)
Jan 21, 2023
Microweber vulnerable to HTML Injection in create tag functionality
Moderate
CVE-2022-3245
was published
for
microweber/microweber
(Composer)
Sep 21, 2022
Potential Code Injection in Sprout Forms
Critical
CVE-2020-11056
was published
for
barrelstrength/sprout-base-email
(Composer)
May 8, 2020
Unauthenticated remote code execution in Ignition
Critical
CVE-2021-3129
was published
for
facade/ignition
(Composer)
Mar 29, 2021
Code injection in codiad
Critical
CVE-2019-19208
was published
for
codiad/codiad
(Composer)
Sep 1, 2021
ProTip!
Advisories are also available from the
GraphQL API