Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Moodle PostScript Code Injection Critical
CVE-2022-35649 was published for moodle/moodle (Composer) Jul 26, 2022
sr_freecap for Typo3 RCE Vulnerability Critical
CVE-2019-16699 was published for sjbr/sr-freecap (Composer) May 24, 2022
Shopware RCE Vulnerability Critical
CVE-2016-3109 was published for shopware/shopware (Composer) May 14, 2022
Elefant CMS Improper Input Validation Critical
CVE-2018-15601 was published for elefant/cms (Composer) May 14, 2022
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7600 was published for drupal/core (Composer) May 14, 2022
Codiad remote code execution vulnerability Critical
CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022
Smarty3 Arbitrary PHP Code Execution Critical
CVE-2011-1028 was published for smarty/smarty (Composer) Apr 22, 2022
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors() Critical
CVE-2020-13756 was published for sabberworm/php-css-parser (Composer) Mar 26, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4 Critical
CVE-2022-24711 was published for codeigniter4/framework (Composer) Mar 1, 2022
iRedds
Magento improper input validation vulnerability Critical
CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022
Arbitrary PHP code execution in Drupal Critical
CVE-2019-6339 was published for drupal/core (Composer) Jan 6, 2022
Moodle vulnerable to RCE via unsafe deserialization Critical
CVE-2021-3943 was published for moodle/moodle (Composer) Nov 23, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
ProTip! Advisories are also available from the GraphQL API