Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,057 advisories

Loading
Disabled users able to log in with third party SSO plugin High
CVE-2017-1000489 was published for mautic/core (Composer) Jan 19, 2021
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID High
CVE-2018-10189 was published for mautic/core (Composer) Jan 19, 2021
micschk
XSS in Mautic High
CVE-2021-3142 was published for mautic/core (Composer) Jan 29, 2021
dennisameling
Unexpected database bindings High
GHSA-x7p5-p2c9-phvg was published for illuminate/database (Composer) Feb 2, 2021
SSRF in adminer High
CVE-2021-21311 was published for vrana/adminer (Composer) Feb 11, 2021
bpsizemore UNC1739
Path traversal in bolt/core High
CVE-2021-27367 was published for bolt/core (Composer) Feb 18, 2021
Path traversal in pimcore/pimcore High
CVE-2021-23340 was published for pimcore/pimcore (Composer) Feb 25, 2021
Sandbox escape through template_object in smarty High
CVE-2021-26119 was published for smarty/smarty (Composer) Mar 2, 2021
stevenseeley
/user/sessions endpoint allows detecting valid accounts High
GHSA-7vwg-39h8-8qp8 was published for ezsystems/ezplatform-rest (Composer) Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts High
GHSA-gmrf-99gw-vvwj was published for ezsystems/ezpublish-kernel (Composer) Mar 11, 2021
Cross-site scripting in eZ Platform Kernel High
GHSA-mrvj-7q4f-5p42 was published for ezsystems/ezplatform-kernel (Composer) Mar 19, 2021
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
Broken Access Control in Form Framework High
CVE-2021-21357 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi waldhacker1
Improper Access Control in moodle High
CVE-2020-25698 was published for moodle/moodle (Composer) Mar 29, 2021
MarkLee131
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Improper Certificate Validation in phpseclib High
CVE-2021-30130 was published for phpseclib/phpseclib (Composer) Apr 7, 2021
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
Directory Traversal in Archive_Tar High
CVE-2020-36193 was published for pear/archive_tar (Composer) Apr 22, 2021
Deserialization of Untrusted Data in Archive_Tar High
CVE-2020-28948 was published for pear/archive_tar (Composer) Apr 22, 2021
Multiple vulnerabilities through filename manipulation in Archive_Tar High
CVE-2020-28949 was published for pear/archive_tar (Composer) Apr 22, 2021
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial High
CVE-2021-29472 was published for composer/composer (Composer) Apr 29, 2021
thomas-chauchefoin-sonarsource
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database High
GHSA-4mg9-vhxq-vm7j was published for illuminate/database (Composer) Apr 29, 2021
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby High
CVE-2021-29460 was published for getkirby/cms (Composer) Apr 30, 2021
sreenathr10
SQL Injection in librenms High
CVE-2020-35700 was published for librenms/librenms (Composer) May 6, 2021
Cross-Site Request Forgery in ForkCMS High
CVE-2020-23960 was published for forkcms/forkcms (Composer) May 6, 2021
ProTip! Advisories are also available from the GraphQL API