GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
3,683 advisories
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows [High]: CVE-2021-34551 was published for phpmailer/phpmailer (Composer) on Jun 22, 2021
Cross-site scripting in PageKit [Moderate]: CVE-2021-32245 was published for pagekit/pagekit (Composer) on Jun 22, 2021
Form validation can be skipped [Moderate]: CVE-2021-32697 was published for neos/form (Composer) on Jun 22, 2021
ckeditor4 vulnerable to cross-site scripting [Moderate]: CVE-2021-33829 was published for ckeditor4 (Composer) on Jun 21, 2021
Authentication granted to all firewalls instead of just one [Moderate]: CVE-2021-32693 was published for symfony/security-http (Composer) on Jun 21, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE [Critical]: CVE-2021-32682 was published for studio-42/elfinder (Composer) on Jun 16, 2021
elFinder unsafe upload filtering leading to remote code execution [High]: CVE-2021-23394 was published for studio-42/elfinder (Composer) on Jun 15, 2021
Authentication bypass in SilverStripe GraphQL [Moderate]: CVE-2020-26136 was published for silverstripe/graphql (Composer) on Jun 10, 2021
Cross-site scripting in Centreon [Moderate]: CVE-2021-27676 was published for centreon/centreon (Composer) on Jun 8, 2021
Predictable CSRF tokens in centreon/centreon [Moderate]: CVE-2021-28055 was published for centreon/centreon (Composer) on Jun 8, 2021
Server-Side Request Forgery in Feehi CMS [Critical]: CVE-2021-30108 was published for feehi/cms (Composer) on Jun 8, 2021
SQL Injection in tribalsystems/zenario [Moderate]: CVE-2021-27672 was published for tribalsystems/zenario (Composer) on Jun 8, 2021
Cross-site scripting in media2click [Moderate]: CVE-2021-31778 was published for amazing/media2click (Composer) on Jun 8, 2021
reflected XSS in tribalsystems/zenario [Moderate]: CVE-2021-27673 was published for tribalsystems/zenario (Composer) on Jun 8, 2021
Remote code execution in zendframework and laminas-http [Critical]: CVE-2021-3007 was published for laminas/laminas-http (Composer) on Jun 8, 2021
Cross-site Scripting (XSS) in baserCMS [Moderate]: CVE-2021-20683 was published for baserproject/basercms (Composer) on Jun 8, 2021
OS Command Injection in baserCMS [High]: CVE-2021-20682 was published for baserproject/basercms (Composer) on Jun 8, 2021
Cross-site Scripting (XSS) in baserCMS [Moderate]: CVE-2021-20681 was published for baserproject/basercms (Composer) on Jun 8, 2021
XSS vulnerability with translator [Critical]: CVE-2021-32671 was published for flarum/core (Composer) on Jun 7, 2021
Improper rate limiting in Koel [High]: CVE-2021-33563 was published for phanan/koel (Composer) on Jun 1, 2021
Open redirect in direct_mail [Moderate]: CVE-2020-12699 was published for directmailteam/direct-mail (Composer) on May 24, 2021
Denial of service in direct_mail [Moderate]: CVE-2020-12697 was published for directmailteam/direct-mail (Composer) on May 24, 2021
Server-Side Request Forgery in yoast_seo [Moderate]: CVE-2021-31779 was published for yoast-seo-for-typo3/yoast_seo (Composer) on May 21, 2021
Information leakage in Error Handler [Moderate]: GHSA-9vxv-wpv4-f52p was published for shopware/shopware (Composer) on May 21, 2021
ProTip! Advisories are also available from the GraphQL API.