Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

137 advisories

phpMyAdmin Cookie attribute injection attack High
CVE-2017-1000016 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
GeniXCMS denial of service (account blockage) Moderate
CVE-2017-14231 was published for genix/cms (Composer) May 17, 2022
CodeIgniter HTTP Header Injection High
CVE-2017-1000247 was published for codeigniter4/framework (Composer) May 17, 2022
Typo3 Host Header Spoofing Vulnerability Moderate
CVE-2014-3941 was published for typo3/cms (Composer) May 14, 2022
Moodle Portfolio script allows instantiation of class chosen by user High
CVE-2018-1137 was published for moodle/moodle (Composer) May 14, 2022
Shopware RCE Vulnerability Critical
CVE-2016-3109 was published for shopware/shopware (Composer) May 14, 2022
Symfony SSRF Vulnerability via Form Component Moderate
CVE-2017-16790 was published for symfony/form (Composer) May 14, 2022
Symfony Host Header Injection High
CVE-2018-14774 was published for symfony/symfony (Composer) May 14, 2022
Elefant CMS Improper Input Validation Critical
CVE-2018-15601 was published for elefant/cms (Composer) May 14, 2022
CakePHP allows remote attackers to spoof their IP High
CVE-2016-4793 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84 tdunlap607
SabreDAV Directory Traversal vulnerability Moderate
CVE-2013-1939 was published for sabre/dav (Composer) May 14, 2022
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7600 was published for drupal/core (Composer) May 14, 2022
phpMyAdmin DoS Vulnerability High
CVE-2017-1000014 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin DoS Vulnerability High
CVE-2017-1000018 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
SimpleSAMLphp InfoCard module Incorrect signature verification High
CVE-2017-12874 was published for simplesamlphp/simplesamlphp-module-infocard (Composer) May 14, 2022
SimpleSAMLphp Authentication context bypass in the multiauth module High
CVE-2017-12869 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
Drupal file REST resource does not properly validate Moderate
CVE-2017-6921 was published for drupal/core (Composer) May 13, 2022
Moodle XSS Vulnerability High
CVE-2018-10891 was published for moodle/moodle (Composer) May 13, 2022
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class Moderate
CVE-2013-2083 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Arbitrary File Read via Backup Functionality Moderate
CVE-2012-6099 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows attackers to trigger the generation of arbitrary messages Moderate
CVE-2014-9060 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Incorrect sanitation of attributes in forums Moderate
CVE-2017-2576 was published for moodle/moodle (Composer) May 13, 2022
Codiad remote code execution vulnerability Critical
CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass High
CVE-2013-4751 was published for symfony/symfony (Composer) May 5, 2022
phpMyAdmin HTTP Response Splitting Vulnerability High
CVE-2009-1149 was published for phpmyadmin/phpmyadmin (Composer) May 2, 2022
ProTip! Advisories are also available from the GraphQL API