GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
137 advisories
Filter by severity
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
High
CVE-2009-0258
was published
for
typo3/cms
(Composer)
May 2, 2022
Moodle does not properly validate module instance id
Moderate
CVE-2006-4936
was published
for
moodle/moodle
(Composer)
May 1, 2022
Insufficient type validation in pocketmine/pocketmine-mp
High
GHSA-g5rr-p69h-7v3g
was published
for
pocketmine/pocketmine-mp
(Composer)
Apr 22, 2022
Missing input validation can lead to command execution in composer
High
CVE-2022-24828
was published
for
composer/composer
(Composer)
Apr 22, 2022
Smarty3 Arbitrary PHP Code Execution
Critical
CVE-2011-1028
was published
for
smarty/smarty
(Composer)
Apr 22, 2022
Typo3 Arbitrary File Delete
Moderate
CVE-2011-4902
was published
for
typo3/cms
(Composer)
Apr 22, 2022
Typo3 Improper Access Control
Moderate
CVE-2011-4904
was published
for
typo3/cms
(Composer)
Apr 22, 2022
TYPO3 is vulnerable to Spam Abuse in the native form content element
Moderate
CVE-2010-3667
was published
for
typo3/cms-frontend
(Composer)
Apr 21, 2022
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Critical
CVE-2020-13756
was published
for
sabberworm/php-css-parser
(Composer)
Mar 26, 2022
FormField with square brackets in field name skips validation
Moderate
CVE-2020-26138
was published
for
silverstripe/framework
(Composer)
Mar 26, 2022
Improper Input Validation in guzzlehttp/psr7
Moderate
CVE-2022-24775
was published
for
guzzlehttp/psr7
(Composer)
Mar 25, 2022
NaN/INF in serverbound movement packets can crash clients and servers
High
GHSA-fm35-jgg3-3grx
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical
CVE-2022-24711
was published
for
codeigniter4/framework
(Composer)
Mar 1, 2022
Improper input validation in Drupal core
High
CVE-2022-25271
was published
for
drupal/core
(Composer)
Feb 18, 2022
Crypt_GPG does not prevent additional options in GPG calls
Moderate
CVE-2022-24953
was published
for
pear/crypt_gpg
(Composer)
Feb 18, 2022
Magento improper input validation vulnerability
Critical
CVE-2022-24086
was published
for
magento/community-edition
(Composer)
Feb 17, 2022
Logic error in dolibarr
Moderate
CVE-2022-0174
was published
for
dolibarr/dolibarr
(Composer)
Jan 12, 2022
Access to restricted PHP code by dynamic static class access in smarty
High
CVE-2021-21408
was published
for
smarty/smarty
(Composer)
Jan 12, 2022
Arbitrary PHP code execution in Drupal
Critical
CVE-2019-6339
was published
for
drupal/core
(Composer)
Jan 6, 2022
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
High
CVE-2021-4111
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Moderate
CVE-2021-4117
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
Moodle vulnerable to RCE via unsafe deserialization
Critical
CVE-2021-3943
was published
for
moodle/moodle
(Composer)
Nov 23, 2021
HTTP Host Header Injection
Moderate
CVE-2021-41114
was published
for
typo3/cms
(Composer)
Oct 5, 2021
Improper Input Validation in Firefly III
Low
CVE-2019-14671
was published
for
grumpydictator/firefly-iii
(Composer)
Sep 8, 2021
Data Flow Sanitation Issue Fix
High
CVE-2021-32759
was published
for
openmage/magento-lts
(Composer)
Aug 30, 2021
ProTip!
Advisories are also available from the
GraphQL API