GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 3,988
  Erlang: 29
  GitHub Actions: 16
  Go: 1,776
  Maven: 5,000+
  npm: 3,542
  NuGet: 617
  pip: 3,125
  Pub: 10
  RubyGems: 838
  Rust: 790
  Swift: 34
Unreviewed advisories
  All unreviewed: 5,000+
1,057 advisories
SQL Injection in pimcore
  High | CVE-2020-7759 was published for pimcore/pimcore (Composer) | May 6, 2021
Improper Input Validation in Laravel
  High | CVE-2020-24941 was published for laravel/framework (Composer) | May 6, 2021
Improper rate limiting in Koel
  High | CVE-2021-33563 was published for phanan/koel (Composer) | Jun 1, 2021
OS Command Injection in baserCMS
  High | CVE-2021-20682 was published for baserproject/basercms (Composer) | Jun 8, 2021
elFinder unsafe upload filtering leading to remote code execution
  High | CVE-2021-23394 was published for studio-42/elfinder (Composer) | Jun 15, 2021
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
  High | CVE-2021-34551 was published for phpmailer/phpmailer (Composer) | Jun 22, 2021
PHPMailer untrusted code may be run from an overridden address validator
  High | CVE-2021-3603 was published for phpmailer/phpmailer (Composer) | Jun 22, 2021
Command Injection in Centreon
  High | CVE-2020-13252 was published for centreon/centreon (Composer) | Jun 22, 2021
Cross-Site Request Forgery in forkcms
  High | CVE-2020-23264 was published for forkcms/forkcms (Composer) | Jun 22, 2021
Private files publicly accessible with Cloud Storage providers
  High | GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) | Jun 28, 2021
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
  High | CVE-2021-32735 was published for getkirby/cms (Composer) | Jul 2, 2021
Files or Directories Accessible to External Parties in ether/logs
  High | CVE-2021-32752 was published for ether/logs (Composer) | Jul 12, 2021
SQL injection in pimcore/pimcore
  High | CVE-2021-23405 was published for pimcore/pimcore (Composer) | Jul 13, 2021
Incorrect Authorization in TeamPass
  High | CVE-2020-12477 was published for nilsteampassnet/teampass (Composer) | Jul 26, 2021
Missing Authorization in TeamPass
  High | CVE-2020-11671 was published for nilsteampassnet/teampass (Composer) | Jul 26, 2021
Improper Input Validation in Centreon Web
  High | CVE-2019-16405 was published for centreon/centreon (Composer) | Jul 28, 2021
Directory Traversal in Archive_Tar
  High | CVE-2021-32610 was published for pear/archive_tar (Composer) | Aug 9, 2021
Privilege escalation via form generator
  High | CVE-2021-37627 was published for contao/contao (Composer) | Aug 23, 2021
Authenticated server-side request forgery in file upload via URL.
  High | CVE-2021-37711 was published for shopware/core (Composer) | Aug 23, 2021
Cross-Site Scripting via SVG media files
  High | CVE-2021-37710 was published for shopware/core (Composer) | Aug 23, 2021
Cachet vulnerable to new line injection during configuration edition
  High | CVE-2021-39172 was published for cachethq/cachet (Composer) | Aug 30, 2021
Cachet vulnerable to forced reinstall
  High | CVE-2021-39173 was published for cachethq/cachet (Composer) | Aug 30, 2021
Cachet configuration leak
  High | CVE-2021-39174 was published for cachethq/cachet (Composer) | Aug 30, 2021
Unauthenticated SQL Injection in Cachet
  High | CVE-2021-39165 was published for cachethq/cachet (Composer) | Aug 30, 2021
ProTip! Advisories are also available from the GraphQL API.