Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,804
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,007
Pub
10
RubyGems
830
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

153 advisories

Symphony Vulnerable to PHP Code Injection via YAML Parsing High
CVE-2013-1348 was published for symfony/symfony (Composer) May 17, 2022
Symfony Arbitrary PHP code Execution High
CVE-2013-1397 was published for symfony/symfony (Composer) May 17, 2022
Smarty arbitrary PHP code execution High
CVE-2014-8350 was published for smarty/smarty (Composer) May 17, 2022
GeniXCMS arbitrary PHP code execution High
CVE-2017-14764 was published for genix/cms (Composer) May 17, 2022
Zeta Components Mail Arbitrary code execution via a crafted email address High
CVE-2017-15806 was published for zetacomponents/mail (Composer) May 17, 2022
Smarty PHP code injection Critical
CVE-2017-1000480 was published for smarty/smarty (Composer) May 14, 2022
yii2-redis Potential Remote code execution Critical
CVE-2018-8073 was published for yiisoft/yii2-redis (Composer) May 14, 2022
Centreon RCE Vulnerability Critical
CVE-2018-11587 was published for centreon/centreon (Composer) May 14, 2022
Drupal PECL YAML parser unsafe object handling Critical
CVE-2017-6920 was published for drupal/core (Composer) May 14, 2022
phpMyAdmin remote variable manipulation Moderate
CVE-2011-2505 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin vulnerable to static code injection High
CVE-2011-2506 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
PHPMailer susceptible to arbitrary code execution High
CVE-2008-5619 was published for phpmailer/phpmailer (Composer) May 14, 2022
jhutchings1
Subrion CMS PHP Object Injection Critical
CVE-2017-5543 was published for intelliants/subrion (Composer) May 14, 2022
PrestaShop PHP Object Injection High
CVE-2018-20717 was published for prestashop/prestashop (Composer) May 14, 2022
Code Injection in baserCMS High
CVE-2017-10844 was published for baserproject/basercms (Composer) May 14, 2022
phpWhois arbitrary code execution via a crafted whois record Critical
CVE-2015-5243 was published for brightlocal/phpwhois (Composer) May 14, 2022
MAGMI plugin for Magento Unsafe File Upload High
CVE-2014-8770 was published for dweeves/magmi (Composer) May 14, 2022
Moodle XML import of ddwtos could lead to intentional remote code execution High
CVE-2018-14630 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Elefant CMS PHP Code Execution Vulnerability Critical
CVE-2018-16975 was published for elefant/cms (Composer) May 13, 2022
SEOmatic plugin for Craft CMS SSTI Vulnerability High
CVE-2018-14716 was published for nystudio107/craft-seomatic (Composer) May 13, 2022
Moodle calculated question type allows remote code execution by Question authors High
CVE-2018-1133 was published for moodle/moodle (Composer) May 13, 2022
Moodle remote code execution via quiz questions Moderate
CVE-2014-3545 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle vulnerable to PHP object injection attacks High
CVE-2014-3541 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Securimage HTML Injection Moderate
CVE-2017-14077 was published for dapphp/securimage (Composer) May 13, 2022
Moodle Authenticated Spelling Binary Remote Code Execution Moderate
CVE-2013-3630 was published for moodle/moodle (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API