GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
High
CVE-2024-53860
was published
for
spencer14420/sp-php-email-handler
(Composer)
Nov 27, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
High
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter
High
GHSA-cxf7-m5g2-v594
was published
for
zendframework/zend-mail
(Composer)
Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
High
GHSA-jq87-2wxp-8349
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
silverstripe/framework code execution vulnerability
High
GHSA-vgxh-x8jv-hmff
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework CSV Excel Macro Injection
High
GHSA-mqjc-x563-c9q8
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Pimcore Host Header Injection in user invitation link
High
CVE-2024-25625
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 20, 2024
MantisBT Host Header Injection vulnerability
High
CVE-2024-23830
was published
for
mantisbt/mantisbt
(Composer)
Feb 20, 2024
Host header injection in the password reset
High
CVE-2024-23648
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
Dolibarr Improper Input Validation vulnerability
High
CVE-2023-4197
was published
for
dolibarr/dolibarr
(Composer)
Nov 1, 2023
juzawebCMS Injection vulnerability
High
CVE-2023-46468
was published
for
juzaweb/cms
(Composer)
Oct 28, 2023
Composer Remote Code Execution vulnerability via web-accessible composer.phar
High
CVE-2023-43655
was published
for
composer/composer
(Composer)
Sep 29, 2023
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
High
CVE-2023-40035
was published
for
craftcms/cms
(Composer)
Aug 21, 2023
grav Server-side Template Injection (SSTI) mitigation bypass
High
CVE-2023-37897
was published
for
getgrav/grav
(Composer)
Jul 19, 2023
zenstruck/collection passing callable string to EntityRepository::find() and query()
High
CVE-2023-37473
was published
for
zenstruck/collection
(Composer)
Jul 14, 2023
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension
High
CVE-2023-32679
was published
for
craftcms/cms
(Composer)
May 22, 2023
Account Takeover Through Password Reset Poisoning
High
CVE-2022-33012
was published
for
microweber/microweber
(Composer)
Nov 22, 2022
Known vulnerable to account takeover via host header injection attack in v1.3.1
High
CVE-2022-33011
was published
for
idno/known
(Composer)
Jul 9, 2022
Code injection in concrete CMS
High
CVE-2022-21829
was published
for
concrete5/core
(Composer)
Jun 25, 2022
Command injection in librenms
High
CVE-2022-29712
was published
for
librenms/librenms
(Composer)
Jun 3, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection
High
CVE-2020-12790
was published
for
nystudio107/craft-seomatic
(Composer)
May 24, 2022
Joomla! Framework Remote Code Injection Vulnerability
High
CVE-2015-8566
was published
for
joomla/session
(Composer)
May 17, 2022
SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
High
CVE-2018-6519
was published
for
simplesamlphp/saml2
(Composer)
May 14, 2022
Twig remote code execution in templates
High
CVE-2015-7809
was published
for
twig/twig
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API