GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,723
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,946
npm
3,474
NuGet
605
pip
2,999
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
150 advisories
Filter by severity
Moodle Code Injection vulnerability
Moderate
CVE-2023-5550
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Moodle Code Injection vulnerability
High
CVE-2023-5540
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Moodle Code Injection vulnerability
Moderate
CVE-2023-5539
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Subrion remote command execution vulnerability
High
CVE-2023-46947
was published
for
intelliants/subrion
(Composer)
Nov 3, 2023
baserCMS Code Injection Vulnerability in Mail Form Feature
Moderate
CVE-2023-43792
was published
for
baserproject/basercms
(Composer)
Oct 26, 2023
Cachet vulnerable to Authenticated Remote Code Execution
Critical
CVE-2023-43661
was published
for
cachethq/cachet
(Composer)
Oct 16, 2023
Economizzer host header injection vulnerability
High
CVE-2023-38877
was published
for
gugoan/economizzer
(Composer)
Sep 28, 2023
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
High
CVE-2023-38886
was published
for
dolibarr/dolibarr
(Composer)
Sep 20, 2023
LibreNMS Code Injection vulnerability
Moderate
CVE-2023-4977
was published
for
librenms/librenms
(Composer)
Sep 15, 2023
Craft CMS Remote Code Execution vulnerability
Critical
CVE-2023-41892
was published
for
craftcms/cms
(Composer)
Sep 13, 2023
Command injection in pagekit
High
CVE-2023-41005
was published
for
pagekit/pagekit
(Composer)
Aug 29, 2023
TeamPass Code Injection vulnerability
Critical
CVE-2023-3551
was published
for
nilsteampassnet/teampass
(Composer)
Jul 8, 2023
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability
High
CVE-2023-34253
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters
High
CVE-2023-34252
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Grav Server Side Template Injection (SSTI) vulnerability
Critical
CVE-2023-34251
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
High
CVE-2023-30179
was published
for
craftcms/cms
(Composer)
Jun 13, 2023
•
withdrawn
Code injection in nilsteampassnet/teampass
High
CVE-2023-2859
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2023
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Critical
CVE-2023-32692
was published
for
codeigniter4/framework
(Composer)
May 22, 2023
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
High
CVE-2023-30130
was published
for
craftcms/cms
(Composer)
May 12, 2023
teampass vulnerable to code injection
High
CVE-2023-2591
was published
for
nilsteampassnet/teampass
(Composer)
May 9, 2023
Improper Control of Generation of Code in Twig rendered views
High
CVE-2023-2017
was published
for
shopware/core
(Composer)
Apr 18, 2023
phpMyFAQ Code Injection vulnerability
Moderate
CVE-2023-1761
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Critical
CVE-2023-28333
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Code Injection in alextselegidis/easyappointments
High
CVE-2023-1367
was published
for
alextselegidis/easyappointments
(Composer)
Mar 13, 2023
Remote code execution in Funadmin
Critical
CVE-2023-24776
was published
for
funadmin/funadmin
(Composer)
Mar 6, 2023
ProTip!
Advisories are also available from the
GraphQL API