GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Authenticated remote code execution
Moderate
GHSA-pjj4-jjgc-h3r8
was published
for
shopware/platform
(Composer)
Mar 12, 2021
Client-Side JavaScript Prototype Pollution in oro/platform
Moderate
CVE-2021-43852
was published
for
oro/platform
(Composer)
Jan 6, 2022
Feehi CMS host header injection vulnerability
Moderate
CVE-2022-38796
was published
for
feehi/cms
(Composer)
Sep 15, 2022
Moodle Does Not Escape Characters In Email Headers
Moderate
CVE-2016-5013
was published
for
moodle/moodle
(Composer)
May 13, 2022
Froxlor vulnerable to Argument Injection
Moderate
CVE-2022-4864
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
omeka/omeka-s Improper Input Validation vulnerability
Moderate
CVE-2023-4157
was published
for
omeka/omeka-s
(Composer)
Aug 4, 2023
Zenario CMS vulnerable to CRLF injection
Moderate
CVE-2015-3154
was published
for
zendframework/zend-http
(Composer)
May 24, 2022
Mautic vulnerable to secret data exfiltration via symfony parameters
Moderate
CVE-2021-27908
was published
for
mautic/core
(Composer)
Apr 6, 2021
Magento 2 Community Edition Injection Vulnerability
Moderate
CVE-2019-7889
was published
for
magento/community-edition
(Composer)
May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
Contao: Insufficient BBCode sanitizer
Moderate
CVE-2024-28234
was published
for
contao/comments-bundle
(Composer)
Apr 9, 2024
Contao Insert tag injection in forms
Moderate
CVE-2020-25768
was published
for
contao/contao
(Composer)
Sep 24, 2020
SilverStripe CSV Excel Macro Injection
Moderate
CVE-2017-18049
was published
for
silverstripe/framework
(Composer)
May 14, 2022
Pusher Service Channel Authentication Bypass
Moderate
GHSA-7v7m-pcw5-h3cg
was published
for
pusher/pusher-php-server
(Composer)
May 20, 2024
SimpleSAMLphp Link Injection vulnerability
Moderate
GHSA-v858-922f-fj9v
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
Moderate
GHSA-g5vj-wj9x-4jg9
was published
for
symbiote/silverstripe-multivaluefield
(Composer)
May 29, 2024
ZendFramework Potential Proxy Injection Vulnerabilities
Moderate
GHSA-mg7h-9qfx-4r83
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Moderate
GHSA-gff2-p6vm-3p8g
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Symfony allows changing the environment through a query
Moderate
CVE-2024-50340
was published
for
symfony/runtime
(Composer)
Nov 6, 2024
Moodle vulnerable to cache poisoning via injection into storage
Moderate
CVE-2024-43428
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
ProTip!
Advisories are also available from the
GraphQL API