Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

137 advisories

SMTP Injection in PHPMailer Low
CVE-2015-8476 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
NaN/INF in serverbound movement packets can crash clients and servers High
GHSA-fm35-jgg3-3grx was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
Insufficient type validation in pocketmine/pocketmine-mp High
GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) Apr 22, 2022
kurt-r2c
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product Moderate
CVE-2021-4117 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number High
CVE-2021-4111 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code High
CVE-2010-4335 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
Improper Input Validation in Firefly III Low
CVE-2019-14671 was published for grumpydictator/firefly-iii (Composer) Sep 8, 2021
Improper Input Validation in Centreon Web High
CVE-2019-16405 was published for centreon/centreon (Composer) Jul 28, 2021
Data Flow Sanitation Issue Fix High
CVE-2021-32759 was published for openmage/magento-lts (Composer) Aug 30, 2021
Manipulation of product reviews via API Moderate
CVE-2021-37707 was published for shopware/core (Composer) Aug 30, 2021
Improper input validation in Drupal core High
CVE-2022-25271 was published for drupal/core (Composer) Feb 18, 2022
Crypt_GPG does not prevent additional options in GPG calls Moderate
CVE-2022-24953 was published for pear/crypt_gpg (Composer) Feb 18, 2022
Moodle Improper Input Validation vulnerability Moderate
CVE-2021-36402 was published for moodle/moodle (Composer) Mar 7, 2023
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Firefly III vulnerable to improper input validation Moderate
CVE-2023-1789 was published for grumpydictator/firefly-iii (Composer) Apr 1, 2023
phpMyFAQ vulnerable to improper input validation Moderate
CVE-2023-1754 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
CakePHP allows remote attackers to spoof their IP High
CVE-2016-4793 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84 tdunlap607
XMPP Clients User Impersonation Vulnerability in Movim Moxl Moderate
CVE-2017-5605 was published for movim/moxl (Composer) May 17, 2022
Moodle vulnerable to RCE via unsafe deserialization Critical
CVE-2021-3943 was published for moodle/moodle (Composer) Nov 23, 2021
Logic error in dolibarr Moderate
CVE-2022-0174 was published for dolibarr/dolibarr (Composer) Jan 12, 2022
ProTip! Advisories are also available from the GraphQL API