GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
137 advisories
Denial of service caused by infinite recursion when parsing SVG images
Severity: Moderate. CVE-2023-50262 was published for dompdf/dompdf (Composer) on Dec 13, 2023

Dolibarr Improper Input Validation vulnerability
Severity: High. CVE-2023-4197 was published for dolibarr/dolibarr (Composer) on Nov 1, 2023

OpenCart Path Traversal vulnerability
Severity: High. CVE-2023-2315 was published for opencart/opencart (Composer) on Sep 27, 2023

Prevent injection of invalid entity ids for "autocomplete" fields
Severity: Moderate. CVE-2023-41336 was published for symfony/ux-autocomplete (Composer) on Sep 11, 2023

PrestaShop file deletion via CustomerMessage
Severity: Moderate. CVE-2023-39530 was published for prestashop/prestashop (Composer) on Aug 9, 2023

PrestaShop file deletion via attachment API
Severity: Moderate. CVE-2023-39529 was published for prestashop/prestashop (Composer) on Aug 9, 2023

omeka/omeka-s Improper Input Validation vulnerability
Severity: Moderate. CVE-2023-4157 was published for omeka/omeka-s (Composer) on Aug 4, 2023

Silverstripe Framework: Members with no password can be created and bypass custom login forms
Severity: Low. CVE-2023-32302 was published for silverstripe/framework (Composer) on Jul 31, 2023

Grav Server-side Template Injection (SSTI) via Twig Default Filters
Severity: High. CVE-2023-34448 was published for getgrav/grav (Composer) on Jun 16, 2023

Pimcore vulnerable to Business Logic Errors via Customer automation rules
Severity: Moderate. CVE-2023-32075 was published for pimcore/customer-management-framework-bundle (Composer) on May 11, 2023

Improper input validation in Drupal core
Severity: High. CVE-2022-25273 was published for drupal/core (Composer) on Apr 26, 2023

HTTP Multiline Header Termination
Severity: High. CVE-2023-29530 was published for laminas/laminas-diactoros (Composer) on Apr 24, 2023

Firefly III vulnerable to improper input validation
Severity: Moderate. CVE-2023-1789 was published for grumpydictator/firefly-iii (Composer) on Apr 1, 2023

phpMyFAQ vulnerable to improper input validation
Severity: Moderate. CVE-2023-1754 was published for thorsten/phpmyfaq (Composer) on Mar 31, 2023

Moodle arbitrary file read vulnerability
Severity: Moderate. CVE-2023-28330 was published for moodle/moodle (Composer) on Mar 23, 2023

Moodle Improper Input Validation vulnerability
Severity: Moderate. CVE-2021-36402 was published for moodle/moodle (Composer) on Mar 7, 2023

Shopware has Improper Input Validation issue in newsletter subscription
Severity: Moderate. CVE-2023-22734 was published for shopware/core (Composer) on Jan 20, 2023

Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Severity: Moderate. CVE-2023-22730 was published for shopware/core (Composer) on Jan 17, 2023

Browsershot does not validate URL protocols passed to Browsershot URL method
Severity: High. CVE-2022-41706 was published for spatie/browsershot (Composer) on Nov 25, 2022

Browsershot version 3.57.3 vulnerable to improper input validation
Severity: Moderate. CVE-2022-43984 was published for spatie/browsershot (Composer) on Nov 25, 2022

Magento Improper input validation vulnerability
Severity: High. CVE-2022-42344 was published for magento/community-edition (Composer) on Oct 20, 2022

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Severity: Moderate. CVE-2022-36032 was published for react/http (Composer) on Sep 16, 2022

Moodle Arbitrary file read when importing lesson questions
Severity: High. CVE-2022-35650 was published for moodle/moodle (Composer) on Jul 26, 2022

Moodle PostScript Code Injection
Severity: Critical. CVE-2022-35649 was published for moodle/moodle (Composer) on Jul 26, 2022

TYPO3 Image Processing susceptible to Code Execution
Severity: High. CVE-2019-11832 was published for typo3/cms (Composer) on May 24, 2022

ProTip! Advisories are also available from the GraphQL API.