Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,057 advisories

Loading
SQL Injection in pimcore High
CVE-2020-7759 was published for pimcore/pimcore (Composer) May 6, 2021
Improper Input Validation in Laravel High
CVE-2020-24941 was published for laravel/framework (Composer) May 6, 2021
Improper rate limiting in Koel High
CVE-2021-33563 was published for phanan/koel (Composer) Jun 1, 2021
OS Command Injection in baserCMS High
CVE-2021-20682 was published for baserproject/basercms (Composer) Jun 8, 2021
SQL Injection in t3/dce High
CVE-2021-31777 was published for t3/dce (Composer) Jun 8, 2021
elFinder unsafe upload filtering leading to remote code execution High
CVE-2021-23394 was published for studio-42/elfinder (Composer) Jun 15, 2021
assaf-benjosef thomas-chauchefoin-sonarsource
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows High
CVE-2021-34551 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto
Command Injection in Centreon High
CVE-2020-13252 was published for centreon/centreon (Composer) Jun 22, 2021
Cross-Site Request Forgery in forkcms High
CVE-2020-23264 was published for forkcms/forkcms (Composer) Jun 22, 2021
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
Cross-site scripting (XSS) from field and configuration text displayed in the Panel High
CVE-2021-32735 was published for getkirby/cms (Composer) Jul 2, 2021
hdodov tdunlap607
Files or Directories Accessible to External Parties in ether/logs High
CVE-2021-32752 was published for ether/logs (Composer) Jul 12, 2021
SQL injection in pimcore/pimcore High
CVE-2021-23405 was published for pimcore/pimcore (Composer) Jul 13, 2021
Incorrect Authorization in TeamPass High
CVE-2020-12477 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
Missing Authorization in TeamPass High
CVE-2020-11671 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
Improper Input Validation in Centreon Web High
CVE-2019-16405 was published for centreon/centreon (Composer) Jul 28, 2021
Directory Traversal in Archive_Tar High
CVE-2021-32610 was published for pear/archive_tar (Composer) Aug 9, 2021
Privilege escalation via form generator High
CVE-2021-37627 was published for contao/contao (Composer) Aug 23, 2021
ausi
Authenticated server-side request forgery in file upload via URL. High
CVE-2021-37711 was published for shopware/core (Composer) Aug 23, 2021
Cross-Site Scripting via SVG media files High
CVE-2021-37710 was published for shopware/core (Composer) Aug 23, 2021
Cachet vulnerable to new line injection during configuration edition High
CVE-2021-39172 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource tdunlap607
Cachet vulnerable to forced reinstall High
CVE-2021-39173 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
Cachet configuration leak High
CVE-2021-39174 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
Unauthenticated SQL Injection in Cachet High
CVE-2021-39165 was published for cachethq/cachet (Composer) Aug 30, 2021
phith0n
ProTip! Advisories are also available from the GraphQL API