GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
137 advisories
Filter by severity
phpMyAdmin Cookie attribute injection attack
High
CVE-2017-1000016
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
GeniXCMS denial of service (account blockage)
Moderate
CVE-2017-14231
was published
for
genix/cms
(Composer)
May 17, 2022
CodeIgniter HTTP Header Injection
High
CVE-2017-1000247
was published
for
codeigniter4/framework
(Composer)
May 17, 2022
Typo3 Host Header Spoofing Vulnerability
Moderate
CVE-2014-3941
was published
for
typo3/cms
(Composer)
May 14, 2022
Moodle Portfolio script allows instantiation of class chosen by user
High
CVE-2018-1137
was published
for
moodle/moodle
(Composer)
May 14, 2022
Shopware RCE Vulnerability
Critical
CVE-2016-3109
was published
for
shopware/shopware
(Composer)
May 14, 2022
Symfony SSRF Vulnerability via Form Component
Moderate
CVE-2017-16790
was published
for
symfony/form
(Composer)
May 14, 2022
Symfony Host Header Injection
High
CVE-2018-14774
was published
for
symfony/symfony
(Composer)
May 14, 2022
Elefant CMS Improper Input Validation
Critical
CVE-2018-15601
was published
for
elefant/cms
(Composer)
May 14, 2022
CakePHP allows remote attackers to spoof their IP
High
CVE-2016-4793
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
SabreDAV Directory Traversal vulnerability
Moderate
CVE-2013-1939
was published
for
sabre/dav
(Composer)
May 14, 2022
Drupal Core Remote Code Execution Vulnerability
Critical
CVE-2018-7600
was published
for
drupal/core
(Composer)
May 14, 2022
phpMyAdmin DoS Vulnerability
High
CVE-2017-1000014
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
phpMyAdmin DoS Vulnerability
High
CVE-2017-1000018
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
SimpleSAMLphp InfoCard module Incorrect signature verification
High
CVE-2017-12874
was published
for
simplesamlphp/simplesamlphp-module-infocard
(Composer)
May 14, 2022
SimpleSAMLphp Authentication context bypass in the multiauth module
High
CVE-2017-12869
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 14, 2022
Drupal file REST resource does not properly validate
Moderate
CVE-2017-6921
was published
for
drupal/core
(Composer)
May 13, 2022
Moodle XSS Vulnerability
High
CVE-2018-10891
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class
Moderate
CVE-2013-2083
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Arbitrary File Read via Backup Functionality
Moderate
CVE-2012-6099
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to trigger the generation of arbitrary messages
Moderate
CVE-2014-9060
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Incorrect sanitation of attributes in forums
Moderate
CVE-2017-2576
was published
for
moodle/moodle
(Composer)
May 13, 2022
Codiad remote code execution vulnerability
Critical
CVE-2018-14009
was published
for
codiad/codiad
(Composer)
May 13, 2022
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass
High
CVE-2013-4751
was published
for
symfony/symfony
(Composer)
May 5, 2022
phpMyAdmin HTTP Response Splitting Vulnerability
High
CVE-2009-1149
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API