GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

468 advisories

Path traversal in librenms/librenms Critical
CVE-2021-44278 was published for librenms/librenms (Composer) Dec 10, 2021
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-36567 was published for topthink/framework (Composer) Dec 7, 2021
Path manipulation in matyhtf/framework Critical
CVE-2021-43676 was published for matyhtf/framework (Composer) Dec 4, 2021
SQL Injection in rosariosis Critical
CVE-2021-44427 was published for francoisjacquet/rosariosis (Composer) Dec 2, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS Critical
CVE-2021-41243 was published for baserproject/basercms (Composer) Dec 1, 2021
Webcache Poisoning in shopware/platform and shopware/core Critical
GHSA-r64m-qchj-hrjp was published for shopware/core (Composer) Nov 24, 2021
Moodle vulnerable to RCE via unsafe deserialization Critical
CVE-2021-3943 was published for moodle/moodle (Composer) Nov 23, 2021
Incorrect Access Control in Ignition Critical
CVE-2021-43996 was published for facade/ignition (Composer) Nov 19, 2021
DBAL 3 SQL Injection Security Vulnerability Critical
CVE-2021-43608 was published for doctrine/dbal (Composer) Nov 16, 2021
XML External Entity vulnerability in MODX CMS Critical
CVE-2020-25911 was published for modx/revolution (Composer) Nov 1, 2021
Showdoc File Upload Vulnerability Critical
CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021
SQL Injection in medoo Critical
CVE-2019-10762 was published for catfan/medoo (Composer) Oct 12, 2021
Critical severity vulnerability in Ignition Critical
CVE-2020-13909 was published for facade/ignition (Composer) Oct 12, 2021
SQL Injection in topthink/thinkphp Critical
CVE-2020-20120 was published for topthink/thinkphp (Composer) Sep 30, 2021
Directory Traversal in typo3/phar-stream-wrapper Critical
CVE-2019-11831 was published for drupal/core (Composer) Sep 30, 2021
Improper Access Control in Webauthn Framework Critical
CVE-2021-38299 was published for web-auth/webauthn-framework (Composer) Sep 29, 2021
Unrestricted File Upload in ShowDoc v2.9.5 Critical
CVE-2021-36440 was published for showdoc/showdoc (Composer) Sep 9, 2021
Exposure of Sensitive Information to an Unauthorized Actor Critical
CVE-2021-32711 was published for shopware/platform (Composer) Sep 8, 2021
SQL Injection in Subrion CMS Critical
CVE-2020-18155 was published for intelliants/subrion (Composer) Sep 8, 2021
SQL injection in TYPO3 extension Critical
CVE-2021-38302 was published for ecodev/newsletter (Composer) Sep 2, 2021
Deserialization of Untrusted Data in codeception/codeception Critical
CVE-2021-23420 was published for codeception/codeception (Composer) Sep 1, 2021
Code injection in codiad Critical
CVE-2019-19208 was published for codiad/codiad (Composer) Sep 1, 2021
Dolibarr Cross-site Scripting vulnerability Critical
CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
SafeCurl before 0.9.2 has a DNS rebinding vulnerability. Critical
CVE-2020-36474 was published for vanilla/safecurl (Composer) Aug 25, 2021
Code injection in topthink/think Critical
CVE-2020-17952 was published for topthink/think (Composer) Aug 9, 2021