Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,101
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
885
Swift
37
Unreviewed advisories
All unreviewed
5,000+

4,341 advisories

Loading
XXE in PHPSpreadsheet due to encoding issue High
CVE-2018-19277 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
Timing attacks might allow practical recovery of the long-term private key High
CVE-2019-10764 was published for simplito/elliptic-php (Composer) Nov 20, 2019
Unauthenticated crypto and weak IV in Magento\Framework\Encryption High
CVE-2016-6485 was published for magento/community-edition (Composer) Nov 20, 2019
Symfony Service IDs Allow Injection Critical
CVE-2019-10910 was published for symfony/dependency-injection (Composer) Nov 18, 2019
SilverStripe Priviledge escalation through cache pollution Low
CVE-2019-12617 was published for silverstripe/framework (Composer) Nov 12, 2019
Lack of access control on upoaded files Moderate
CVE-2019-12245 was published for silverstripe/assets (Composer) Nov 12, 2019
Session fixation in change password form Moderate
CVE-2019-12203 was published for silverstripe/framework (Composer) Nov 12, 2019
Missing warning can lead to unauthenticated admin access in SilverStripe Critical
CVE-2019-12204 was published for silverstripe/cms (Composer) Nov 12, 2019
SilverStripe Versioned Files module Unpublished files are exposed publicly Moderate
CVE-2019-16409 was published for silverstripe/framework (Composer) Nov 12, 2019
Symfony Cross-site Scripting (XSS) vulnerability Moderate
CVE-2019-10909 was published for drupal/core (Composer) Nov 12, 2019
Composer JavaScript injection possible via html comments Moderate
CVE-2019-8233 was published for magento/community-edition (Composer) Nov 12, 2019
Magento Cross-Site Scripting via Attribute Set Name Moderate
CVE-2019-8145 was published for magento/community-edition (Composer) Nov 12, 2019
Bypass of sitemp access restrictions Moderate
CVE-2019-8133 was published for magento/community-edition (Composer) Nov 12, 2019
Remote code execution via vulnerable Symphony dependecy injection Critical
CVE-2019-8135 was published for magento/community-edition (Composer) Nov 12, 2019
Using JS libraries with known security vulnerabilities High
CVE-2019-8121 was published for magento/community-edition (Composer) Nov 12, 2019
Information disclosure through processing of external XML entities Moderate
CVE-2019-8126 was published for magento/community-edition (Composer) Nov 12, 2019
Signature validation bypass in XmlSecLibs High
CVE-2019-3465 was published for robrichards/xmlseclibs (Composer) Nov 8, 2019
Authorization Bypass Through User-Controlled Key in Bagisto Moderate
CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
Cross-site Scripting in Grav Moderate
CVE-2019-16126 was published for getgrav/grav (Composer) Nov 8, 2019
SQL Injection in SimpleSAMLphp Critical
CVE-2019-15537 was published for cesnet/simplesamlphp-module-proxystatistics (Composer) Nov 8, 2019
Cross-site scripting in Dolibarr Moderate
CVE-2019-16197 was published for dolibarr/dolibarr (Composer) Nov 8, 2019
Cross-site Scripting in Bolt Moderate
CVE-2019-15485 was published for bolt/bolt (Composer) Nov 8, 2019
Incorrect Access Control vulnerability in api-platform/core Moderate
CVE-2019-1000011 was published for api-platform/core (Composer) Oct 14, 2019
Cross-site Scripting in YII2-CMS Moderate
CVE-2019-16130 was published for yii2mod/yii2-cms (Composer) Oct 14, 2019
SQL Injection in LibreNMS High
CVE-2019-10671 was published for librenms/librenms (Composer) Oct 11, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database