GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem:
Composer: 3,941
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,049
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories (all unreviewed: 5,000+)
137 advisories
Magento Improper input validation vulnerability
Moderate | CVE-2021-28585 was published for magento/community-edition (Composer) | May 24, 2022

EC-CUBE Improper input validation vulnerability
High | CVE-2020-5680 was published for ec-cube/ec-cube (Composer) | May 24, 2022

Moodle vulnerable to RCE
High | CVE-2020-10738 was published for moodle/moodle (Composer) | May 24, 2022

Froxlor Information Disclosure
Moderate | CVE-2020-10236 was published for froxlor/froxlor (Composer) | May 24, 2022

Froxlor arbitrary code execution via the database configuration options
High | CVE-2020-10235 was published for froxlor/froxlor (Composer) | May 24, 2022

Magento arbitrary PHP code execution via the productData parameter
High | CVE-2015-6497 was published for magento/core (Composer) | May 24, 2022

sr_freecap for Typo3 RCE Vulnerability
Critical | CVE-2019-16699 was published for sjbr/sr-freecap (Composer) | May 24, 2022

Magento 2 Community Edition Information Disclosure
Moderate | CVE-2019-7898 was published for magento/community-edition (Composer) | May 24, 2022

Magento 2 Community Edition Information Disclosure
Moderate | CVE-2019-7899 was published for magento/community-edition (Composer) | May 24, 2022

Magento 2 Community Edition RCE Vulnerability
High | CVE-2019-7885 was published for magento/community-edition (Composer) | May 24, 2022

Moodle Private files uploaded via incoming mail processing could bypass quota restrictions
Moderate | CVE-2019-10134 was published for moodle/moodle (Composer) | May 24, 2022

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
High | CVE-2010-4335 was published for cakephp/cakephp (Composer) | May 17, 2022

Typo3 API XSS Vulnerabilities
Moderate | CVE-2012-1608 was published for typo3/cms (Composer) | May 17, 2022

Silverstripe CMS Arbitrary Code Execution
Moderate | CVE-2011-4962 was published for silverstripe/cms (Composer) | May 17, 2022

Typo3 Vulnerable to Cache Poisoning
High | CVE-2014-9509 was published for typo3/cms (Composer) | May 17, 2022

Drupal Denial of service via transliterate mechanism
Moderate | CVE-2016-9452 was published for drupal/core (Composer) | May 17, 2022

phpMyAdmin Improper Input Validation
Moderate | CVE-2016-2562 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022

TYPO3 OpenID extension Open redirect vulnerability
Moderate | CVE-2013-7079 was published for friendsoftypo3/openid (Composer) | May 17, 2022

XMPP Clients User Impersonation Vulnerability in Movim Moxl
Moderate | CVE-2017-5605 was published for movim/moxl (Composer) | May 17, 2022

Laravel does not properly constrain the host portion of a password-reset URL
Moderate | CVE-2017-9303 was published for illuminate/auth (Composer) | May 17, 2022

phpMyAdmin DoS Vulnerability
Moderate | CVE-2016-6623 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022

phpMyAdmin Denial of Service (DoS)
Moderate | CVE-2016-9860 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022

phpMyAdmin DoS Vulnerability
High | CVE-2016-9863 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022
ProTip! Advisories are also available from the GraphQL API