Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

81 advisories

Loading
Deserialization of Untrusted Data in dompdf/dompdf Critical
CVE-2021-3838 was published for dompdf/dompdf (Composer) Nov 15, 2024
FileManager Deserialization of Untrusted Data vulnerability High
CVE-2024-52306 was published for backpack/filemanager (Composer) Nov 13, 2024
catferq
ThinkPHP deserialization vulnerability High
CVE-2024-48112 was published for topthink/thinkphp (Composer) Oct 30, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
ThinkPHP deserialization vulnerability Critical
CVE-2024-44902 was published for topthink/framework (Composer) Sep 9, 2024
nukeviet Deserialization of Untrusted Data vulnerability High
CVE-2024-36528 was published for nukeviet/nukeviet (Composer) Jun 10, 2024
image-optimizer allows PHAR deserialization High
CVE-2024-34515 was published for spatie/image-optimizer (Composer) May 5, 2024
TorrentPier Deserialization of Untrusted Data vulnerability Critical
CVE-2024-40624 was published for torrentpier/torrentpier (Composer) Jul 15, 2024
swapgs
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder Moderate
CVE-2024-28861 was published for friendsofsymfony1/symfony1 (Composer) Mar 22, 2024
darkpills
Laravel Framework RCE Vulnerability High
CVE-2018-15133 was published for laravel/framework (Composer) May 14, 2022
By-passing Protection of PharStreamWrapper Interceptor Moderate
GHSA-4v5g-8pq2-32m2 was published for typo3/phar-stream-wrapper (Composer) Jun 5, 2024
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS High
GHSA-ppgf-8745-8pgx was published for typo3/cms (Composer) Jun 5, 2024
Insecure Deserialization in TYPO3 CMS High
GHSA-8h28-f46f-m87h was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling High
GHSA-5h5v-m596-r6rf was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 CMS Insecure Deserialization High
GHSA-96jg-pmc4-cx39 was published for typo3/cms-core (Composer) May 30, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-mmcv-fvq8-r9x3 was published for symfony/symfony (Composer) May 30, 2024
Laravel Cookie serialization vulnerability High
GHSA-6jvx-8ch9-j2jr was published for laravel/framework (Composer) May 15, 2024
Laravel Cookie serialization vulnerability High
GHSA-2867-6rrm-38gr was published for illuminate/cookie (Composer) May 15, 2024
Subrion CMS PHP Object Injection Moderate
CVE-2020-12469 was published for intelliants/subrion (Composer) May 24, 2022
TYPO3 Insecure Deserialization in Query Generator & Query View High
CVE-2019-19849 was published for typo3/cms (Composer) May 24, 2022
Froxlor PHP Object Injection vulnerability High
CVE-2018-1000527 was published for froxlor/froxlor (Composer) May 13, 2022
ThinkAdmin insecure unserialize vulnerability Critical
CVE-2020-23653 was published for zoujingli/thinkadmin (Composer) May 24, 2022
phpBB Remote Code Execution High
CVE-2018-19274 was published for phpbb/phpbb (Composer) May 13, 2022
Pimcore Unserialize Remote Code Execution High
CVE-2019-10867 was published for pimcore/pimcore (Composer) May 13, 2022
Drupal Core Remote Code Execution Vulnerability High
CVE-2019-6340 was published for drupal/core (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API