GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,968 advisories
Filter by severity
Cross-site scripting in PHPMailer
Moderate
CVE-2017-11503
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Remote code execution in PHPMailer
Critical
CVE-2016-10045
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Remote code execution in PHPMailer
Critical
CVE-2016-10033
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
SMTP Injection in PHPMailer
Low
CVE-2015-8476
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Remote Code Execution Through Image Uploads in BookStack
High
CVE-2020-5256
was published
for
ssddanbrown/bookstack
(Composer)
Mar 13, 2020
Prevent cache poisoning via a Response Content-Type header in Symfony
Low
CVE-2020-5255
was published
for
symfony/http-foundation
(Composer)
Mar 30, 2020
Exceptions displayed in non-debug configurations in Symfony
Moderate
CVE-2020-5274
was published
for
symfony/error-handler
(Composer)
Mar 30, 2020
Firewall configured with unanimous strategy was not actually unanimous in Symfony
High
CVE-2020-5275
was published
for
symfony/security
(Composer)
Mar 30, 2020
XSS injection in the Grid component of Sylius
Moderate
CVE-2019-12186
was published
for
sylius/grid
(Composer)
Apr 15, 2020
Information disclosure of source code in SimpleSAMLphp
Low
CVE-2020-5301
was published
for
simplesamlphp/simplesamlphp
(Composer)
Apr 22, 2020
Cross-Site Scripting in BookStack
Moderate
CVE-2020-11055
was published
for
ssddanbrown/bookstack
(Composer)
May 7, 2020
Potential Code Injection in Sprout Forms
Critical
CVE-2020-11056
was published
for
barrelstrength/sprout-base-email
(Composer)
May 8, 2020
Cross-Site Scripting in SVG Sanitizer
Moderate
CVE-2020-11070
was published
for
t3g/svg-sanitizer
(Composer)
May 13, 2020
Information Disclosure in Password Reset
Low
CVE-2020-11063
was published
for
typo3/cms
(Composer)
May 13, 2020
Cross-Site Scripting in TYPO3 CMS Form Engine
Moderate
CVE-2020-11064
was published
for
typo3/cms
(Composer)
May 13, 2020
Cross-Site Scripting in TYPO3 CMS Link Handling
Moderate
CVE-2020-11065
was published
for
typo3/cms
(Composer)
May 13, 2020
Class destructors causing side-effects when being unserialized in TYPO3 CMS
High
CVE-2020-11066
was published
for
typo3/cms
(Composer)
May 13, 2020
Insecure Deserialization in Backend User Settings in TYPO3 CMS
High
CVE-2020-11067
was published
for
typo3/cms
(Composer)
May 13, 2020
Backend Same-Site Request Forgery in TYPO3 CMS
High
CVE-2020-11069
was published
for
typo3/cms
(Composer)
May 13, 2020
Insufficient output escaping of attachment names in PHPMailer
High
CVE-2020-13625
was published
for
phpmailer/phpmailer
(Composer)
May 27, 2020
Local File read vulnerability in OctoberCMS
Moderate
CVE-2020-5295
was published
for
october/cms
(Composer)
Jun 3, 2020
Arbitrary File Deletion vulnerability in OctoberCMS
Moderate
CVE-2020-5296
was published
for
october/cms
(Composer)
Jun 3, 2020
Upload whitelisted files to any directory in OctoberCMS
Low
CVE-2020-5297
was published
for
october/cms
(Composer)
Jun 3, 2020
Reflected XSS when importing CSV in OctoberCMS
Moderate
CVE-2020-5298
was published
for
october/backend
(Composer)
Jun 3, 2020
ProTip!
Advisories are also available from the
GraphQL API