GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
468 advisories
Filter by severity
Path traversal in librenms/librenms
Critical
CVE-2021-44278
was published
for
librenms/librenms
(Composer)
Dec 10, 2021
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2021-36567
was published
for
topthink/framework
(Composer)
Dec 7, 2021
Path manipulation in matyhtf/framework
Critical
CVE-2021-43676
was published
for
matyhtf/framework
(Composer)
Dec 4, 2021
SQL Injection in rosariosis
Critical
CVE-2021-44427
was published
for
francoisjacquet/rosariosis
(Composer)
Dec 2, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Critical
CVE-2021-41243
was published
for
baserproject/basercms
(Composer)
Dec 1, 2021
Webcache Poisoning in shopware/platform and shopware/core
Critical
GHSA-r64m-qchj-hrjp
was published
for
shopware/core
(Composer)
Nov 24, 2021
Moodle vulnerable to RCE via unsafe deserialization
Critical
CVE-2021-3943
was published
for
moodle/moodle
(Composer)
Nov 23, 2021
Incorrect Access Control in Ignition
Critical
CVE-2021-43996
was published
for
facade/ignition
(Composer)
Nov 19, 2021
DBAL 3 SQL Injection Security Vulnerability
Critical
CVE-2021-43608
was published
for
doctrine/dbal
(Composer)
Nov 16, 2021
XML External Entity vulnerability in MODX CMS
Critical
CVE-2020-25911
was published
for
modx/revolution
(Composer)
Nov 1, 2021
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
SQL Injection in medoo
Critical
CVE-2019-10762
was published
for
catfan/medoo
(Composer)
Oct 12, 2021
Critical severity vulnerability in Ignition
Critical
CVE-2020-13909
was published
for
facade/ignition
(Composer)
Oct 12, 2021
SQL Injection in topthink/thinkphp
Critical
CVE-2020-20120
was published
for
topthink/thinkphp
(Composer)
Sep 30, 2021
Directory Traversal in typo3/phar-stream-wrapper
Critical
CVE-2019-11831
was published
for
drupal/core
(Composer)
Sep 30, 2021
Improper Access Control in Webauthn Framework
Critical
CVE-2021-38299
was published
for
web-auth/webauthn-framework
(Composer)
Sep 29, 2021
Unrestricted File Upload in ShowDoc v2.9.5
Critical
CVE-2021-36440
was published
for
showdoc/showdoc
(Composer)
Sep 9, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Critical
CVE-2021-32711
was published
for
shopware/platform
(Composer)
Sep 8, 2021
SQL Injection in Subrion CMS
Critical
CVE-2020-18155
was published
for
intelliants/subrion
(Composer)
Sep 8, 2021
SQL injection in TYPO3 extension
Critical
CVE-2021-38302
was published
for
ecodev/newsletter
(Composer)
Sep 2, 2021
Deserialization of Untrusted Data in codeception/codeception
Critical
CVE-2021-23420
was published
for
codeception/codeception
(Composer)
Sep 1, 2021
Code injection in codiad
Critical
CVE-2019-19208
was published
for
codiad/codiad
(Composer)
Sep 1, 2021
Dolibarr Cross-site Scripting vulnerability
Critical
CVE-2021-25955
was published
for
dolibarr/dolibarr
(Composer)
Aug 30, 2021
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
Critical
CVE-2020-36474
was published
for
vanilla/safecurl
(Composer)
Aug 25, 2021
Code injection in topthink/think
Critical
CVE-2020-17952
was published
for
topthink/think
(Composer)
Aug 9, 2021
ProTip!
Advisories are also available from the
GraphQL API