Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

165 advisories

Loading
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-40420 was published for opencart/opencart (Composer) Jul 17, 2024
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI High
CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024
nullchilly
Moodle Remote Code Execution vulnerability High
CVE-2024-43425 was published for moodle/moodle (Composer) Nov 7, 2024
Cross-site Scripting in Moodle Chat Moderate
CVE-2024-28593 was published for moodle/moodle (Composer) Mar 22, 2024
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script High
CVE-2023-38886 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
WWBN AVideo Remote Code Execution Critical
CVE-2024-31819 was published for wwbn/avideo (Composer) Apr 10, 2024
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7602 was published for drupal/core (Composer) Apr 23, 2024
Privilege Escalation & SQL Injection in TYPO3 CMS High
GHSA-7qwg-fcpw-xg5g was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 Remote Code Execution in third party library swiftmailer High
GHSA-g4pf-3jvq-2gcw was published for typo3/cms (Composer) Jun 5, 2024
Arbitrary Code Execution in TYPO3 CMS Critical
GHSA-67wg-6j7r-mqh8 was published for typo3/cms (Composer) Jun 5, 2024
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler High
CVE-2014-6072 was published for symfony/symfony (Composer) May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle High
CVE-2014-4931 was published for symfony/framework-bundle (Composer) May 30, 2024
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag High
CVE-2024-35226 was published for smarty/smarty (Composer) May 29, 2024
TrixterTheTux
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer) May 15, 2024
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
EZsystems Remote code execution in file uploads High
GHSA-9895-26wr-4fgv was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Publish Remote code execution in file uploads High
GHSA-3vwr-jj4f-h98x was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-2w9p-xxqr-h253 was published for ezsystems/ezplatform-kernel (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database