Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

479 advisories

Loading
himiklab yii2-jqgrid-widget vulnerable to SQL Injection Critical
CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer) Jan 6, 2023
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
PrestaShop eval injection possible if shop vulnerable to SQL injection Critical
CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022
Duplicate Advisory GHSA-hrgx-p36p-89q4 Critical
CVE-2022-36408 was published for prestashop/prestashop (Composer) Jul 23, 2022 withdrawn
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation" Critical
CVE-2022-35628 was published for in2code/lux (Composer) Jul 15, 2022
Path traversal in Concrete CMS Critical
CVE-2022-30117 was published for concrete5/core (Composer) Jun 25, 2022
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2022-33107 was published for topthink/framework (Composer) Jun 30, 2022
SQL Injection in RosarioSIS Critical
CVE-2022-2067 was published for francoisjacquet/rosariosis (Composer) Jun 14, 2022
Code Injection in SEOmatic Critical
CVE-2021-41749 was published for nystudio107/craft-seomatic (Composer) Jun 13, 2022
Unserialized Pop Chain in Laravel Critical
CVE-2022-31279 was published for laravel/laravel (Composer) Jun 8, 2022 withdrawn
mir-hossein
ThinkPHP deserialization vulnerability Critical
CVE-2022-38352 was published for topthink/framework (Composer) Sep 16, 2022
Rank Math SEO plugin vulnerable to Server-Side Request Forgery Critical
CVE-2022-36376 was published for rankmath/seo-by-rank-math (Composer) Sep 10, 2022
Cross site scripting in facturascripts Critical
CVE-2022-1457 was published for neorazorx/facturascripts (Composer) Apr 26, 2022
Remote Code Execution in Laravel Critical
CVE-2021-43503 was published for laravel/laravel (Composer) Apr 9, 2022 withdrawn
mir-hossein
SQL injection in pagekit/pagekit Critical
CVE-2021-44135 was published for pagekit/pagekit (Composer) Apr 2, 2022
SQL Injection in ImpressCMS Critical
CVE-2021-26599 was published for impresscms/impresscms (Composer) Mar 29, 2022
Sandbox bypass in fenom Critical
CVE-2021-46433 was published for fenom/fenom (Composer) Mar 29, 2022
Type Confusion in ImpressCMS Critical
CVE-2021-26600 was published for impresscms/impresscms (Composer) Mar 29, 2022
Remote Code Execution in Contao Managed Edition Critical
CVE-2022-26265 was published for contao/managed-edition (Composer) Mar 20, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS Critical
CVE-2021-42171 was published for tribalsystems/zenario (Composer) Mar 15, 2022
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
DQL injection through sorting parameters blocked Critical
CVE-2022-24752 was published for sylius/grid-bundle (Composer) Mar 15, 2022
dbalabka
SQL Injection in WordPress Zero Spam WordPress plugin Critical
CVE-2022-0254 was published for bmarshall511/wordpress_zero_spam (Composer) Mar 15, 2022
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views Critical
CVE-2023-22731 was published for shopware/core (Composer) Jan 17, 2023
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection Critical
CVE-2023-22727 was published for cakephp/cakephp (Composer) Jan 20, 2023
ravage84
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database