GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,804
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,007
Pub
10
RubyGems
830
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+
153 advisories
Filter by severity
Symphony Vulnerable to PHP Code Injection via YAML Parsing
High
CVE-2013-1348
was published
for
symfony/symfony
(Composer)
May 17, 2022
Symfony Arbitrary PHP code Execution
High
CVE-2013-1397
was published
for
symfony/symfony
(Composer)
May 17, 2022
Smarty arbitrary PHP code execution
High
CVE-2014-8350
was published
for
smarty/smarty
(Composer)
May 17, 2022
GeniXCMS arbitrary PHP code execution
High
CVE-2017-14764
was published
for
genix/cms
(Composer)
May 17, 2022
Zeta Components Mail Arbitrary code execution via a crafted email address
High
CVE-2017-15806
was published
for
zetacomponents/mail
(Composer)
May 17, 2022
Smarty PHP code injection
Critical
CVE-2017-1000480
was published
for
smarty/smarty
(Composer)
May 14, 2022
yii2-redis Potential Remote code execution
Critical
CVE-2018-8073
was published
for
yiisoft/yii2-redis
(Composer)
May 14, 2022
Centreon RCE Vulnerability
Critical
CVE-2018-11587
was published
for
centreon/centreon
(Composer)
May 14, 2022
Drupal PECL YAML parser unsafe object handling
Critical
CVE-2017-6920
was published
for
drupal/core
(Composer)
May 14, 2022
phpMyAdmin remote variable manipulation
Moderate
CVE-2011-2505
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
phpMyAdmin vulnerable to static code injection
High
CVE-2011-2506
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
PHPMailer susceptible to arbitrary code execution
High
CVE-2008-5619
was published
for
phpmailer/phpmailer
(Composer)
May 14, 2022
Subrion CMS PHP Object Injection
Critical
CVE-2017-5543
was published
for
intelliants/subrion
(Composer)
May 14, 2022
PrestaShop PHP Object Injection
High
CVE-2018-20717
was published
for
prestashop/prestashop
(Composer)
May 14, 2022
Code Injection in baserCMS
High
CVE-2017-10844
was published
for
baserproject/basercms
(Composer)
May 14, 2022
phpWhois arbitrary code execution via a crafted whois record
Critical
CVE-2015-5243
was published
for
brightlocal/phpwhois
(Composer)
May 14, 2022
MAGMI plugin for Magento Unsafe File Upload
High
CVE-2014-8770
was published
for
dweeves/magmi
(Composer)
May 14, 2022
Moodle XML import of ddwtos could lead to intentional remote code execution
High
CVE-2018-14630
was published
for
moodle/moodle
(Composer)
May 13, 2022
Elefant CMS PHP Code Execution Vulnerability
Critical
CVE-2018-16975
was published
for
elefant/cms
(Composer)
May 13, 2022
SEOmatic plugin for Craft CMS SSTI Vulnerability
High
CVE-2018-14716
was published
for
nystudio107/craft-seomatic
(Composer)
May 13, 2022
Moodle calculated question type allows remote code execution by Question authors
High
CVE-2018-1133
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle remote code execution via quiz questions
Moderate
CVE-2014-3545
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle vulnerable to PHP object injection attacks
High
CVE-2014-3541
was published
for
moodle/moodle
(Composer)
May 13, 2022
Securimage HTML Injection
Moderate
CVE-2017-14077
was published
for
dapphp/securimage
(Composer)
May 13, 2022
Moodle Authenticated Spelling Binary Remote Code Execution
Moderate
CVE-2013-3630
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API