Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

460 advisories

SQL injection in vhs (aka VHS: Fluid ViewHelpers) Critical
CVE-2021-28381 was published for fluidtypo3/vhs (Composer) Mar 29, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core Critical
GHSA-qg7c-q3vq-rgxr was published for shopware/core (Composer) Apr 13, 2021
After order payment process manipulation in shopware/platform and shopware/core Critical
GHSA-88rc-3p98-rgvx was published for shopware/core (Composer) Apr 13, 2021
Fixes a bug in Zend Framework's Stream HTTP Wrapper Critical
CVE-2021-21426 was published for openmage/magento-lts (Composer) Apr 22, 2021
Backport for CVE-2021-21024 Blind SQLi from Magento 2 Critical
CVE-2021-21427 was published for openmage/magento-lts (Composer) Apr 22, 2021
Insecure Deserialization of untrusted data in rmccue/requests Critical
CVE-2021-29476 was published for rmccue/requests (Composer) Apr 29, 2021
xknown whyisjake
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain Critical
CVE-2021-30492 was published for zendesk/zendesk_api_client_php (Composer) Apr 29, 2021
Object injection in PHPMailer/PHPMailer Critical
CVE-2020-36326 was published for phpmailer/phpmailer (Composer) May 4, 2021
Authentication bypass in MAGMI Critical
CVE-2020-5777 was published for dweeves/magmi (Composer) May 6, 2021
Improper Certificate Validation in WP-CLI framework Critical
CVE-2021-29504 was published for wp-cli/wp-cli (Composer) May 19, 2021
WhiteWinterWolf
XSS vulnerability with translator Critical
CVE-2021-32671 was published for flarum/core (Composer) Jun 7, 2021
davwheat
Remote code execution in zendframework and laminas-http Critical
CVE-2021-3007 was published for laminas/laminas-http (Composer) Jun 8, 2021
Server-Side Request Forgery in Feehi CMS Critical
CVE-2021-30108 was published for feehi/cms (Composer) Jun 8, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
SQL Injection in NukeViet Critical
CVE-2019-7726 was published for nukeviet/nukeviet (Composer) Jun 22, 2021
Deserialization of Untrusted Data in NukeViet Critical
CVE-2019-7725 was published for nukeviet/nukeviet (Composer) Jun 22, 2021
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem Critical
CVE-2021-32708 was published for league/flysystem (Composer) Jun 29, 2021
stevenseeley
Craft CMS Remote Code Injection Critical
CVE-2021-27903 was published for craftcms/cms (Composer) Jul 2, 2021
Code injection in topthink/think Critical
CVE-2020-17952 was published for topthink/think (Composer) Aug 9, 2021
SafeCurl before 0.9.2 has a DNS rebinding vulnerability. Critical
CVE-2020-36474 was published for vanilla/safecurl (Composer) Aug 25, 2021
Dolibarr Cross-site Scripting vulnerability Critical
CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
Code injection in codiad Critical
CVE-2019-19208 was published for codiad/codiad (Composer) Sep 1, 2021
Deserialization of Untrusted Data in codeception/codeception Critical
CVE-2021-23420 was published for codeception/codeception (Composer) Sep 1, 2021
SQL injection in TYPO3 extension Critical
CVE-2021-38302 was published for ecodev/newsletter (Composer) Sep 2, 2021
SQL Injection in Subrion CMS Critical
CVE-2020-18155 was published for intelliants/subrion (Composer) Sep 8, 2021
ProTip! Advisories are also available from the GraphQL API