GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,825
Erlang
29
GitHub Actions
16
Go
1,715
Maven
4,950
npm
3,479
NuGet
605
pip
3,009
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+
153 advisories
Filter by severity
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Critical
CVE-2023-28333
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Code Injection in alextselegidis/easyappointments
High
CVE-2023-1367
was published
for
alextselegidis/easyappointments
(Composer)
Mar 13, 2023
Remote code execution in Funadmin
Critical
CVE-2023-24776
was published
for
funadmin/funadmin
(Composer)
Mar 6, 2023
Code Injection in froxlor/froxlor
High
CVE-2023-0877
was published
for
froxlor/froxlor
(Composer)
Feb 17, 2023
Code Injection in thorsten/phpmyfaq
Moderate
CVE-2023-0792
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
Code Injection in thorsten/phpmyfaq
Critical
CVE-2023-0788
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
froxlor is vulnerable to privilege escalation from customer to root via directory-options
High
CVE-2023-0671
was published
for
froxlor/froxlor
(Composer)
Feb 4, 2023
Command injection in yiisoft/yii2-gii
High
CVE-2020-36655
was published
for
yiisoft/yii2-gii
(Composer)
Jan 21, 2023
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Critical
CVE-2023-22731
was published
for
shopware/core
(Composer)
Jan 17, 2023
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Moderate
GHSA-7vcx-v65q-9wpg
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Jan 11, 2023
nterchange Code Injection vulnerability
Critical
CVE-2015-10009
was published
for
nonfiction/nterchange
(Composer)
Jan 2, 2023
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
High
CVE-2022-23503
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution
High
CVE-2022-46157
was published
for
akeneo/pim-community-dev
(Composer)
Dec 9, 2022
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical
CVE-2022-44136
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Badaso vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-41705
was published
for
badaso/core
(Composer)
Nov 25, 2022
Froxlor vulnerable to code injection
Moderate
CVE-2022-3869
was published
for
froxlor/froxlor
(Composer)
Nov 5, 2022
Froxlor vulnerable to Code Injection
Moderate
CVE-2022-3721
was published
for
froxlor/froxlor
(Composer)
Nov 4, 2022
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Critical
CVE-2022-39365
was published
for
pimcore/pimcore
(Composer)
Oct 29, 2022
October CMS Safe Mode bypass leads to authenticated Remote Code Execution
High
CVE-2022-35944
was published
for
october/system
(Composer)
Oct 13, 2022
PHPMailer vulnerable to email header injection
High
CVE-2012-0796
was published
for
phpmailer/phpmailer
(Composer)
Oct 6, 2022
Moodle remote code execution
Critical
CVE-2022-40314
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Microweber vulnerable to HTML Injection in create tag functionality
Moderate
CVE-2022-3245
was published
for
microweber/microweber
(Composer)
Sep 21, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Moderate
CVE-2022-2099
was published
for
woocommerce/woocommerce
(Composer)
Jul 18, 2022
Code injection in Elefant CMS
High
CVE-2017-20064
was published
for
elefant/cms
(Composer)
Jun 21, 2022
ProTip!
Advisories are also available from the
GraphQL API