Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,868
Maven
5,000+
npm
3,594
NuGet
636
pip
3,181
Pub
10
RubyGems
852
Rust
808
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,071 advisories

Remote code execution in Subrion High
CVE-2021-43464 was published for intelliants/subrion (Composer) Apr 5, 2022
Server side request forgery in LiveHelperChat High
CVE-2022-1213 was published for remdex/livehelperchat (Composer) Apr 6, 2022
Files or Directories Accessible to External Parties in Adminer High
CVE-2021-43008 was published for vrana/adminer (Composer) Apr 6, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4 High
CVE-2021-34257 was published for wpanel/wpanel4-cms (Composer) Apr 1, 2022
Type Confusion in LiveHelperChat High
CVE-2022-1176 was published for remdex/livehelperchat (Composer) Apr 1, 2022
SQL Injection in Dolibarr High
CVE-2021-36625 was published for dolibarr/dolibarr (Composer) Apr 1, 2022
Access Control vulnerability in Dolibarr High
CVE-2021-37517 was published for dolibarr/dolibarr (Composer) Apr 1, 2022
Old sessions not blocked by login enable function in Snipe-IT High
CVE-2022-1155 was published for snipe/snipe-it (Composer) Mar 31, 2022
joelpittet
Path Traversal in ImpressCMS High
CVE-2021-26601 was published for impresscms/impresscms (Composer) Mar 29, 2022
SQL Injection in Fork CMS High
CVE-2022-1064 was published for forkcms/forkcms (Composer) Mar 26, 2022
SQL Injection in Fork CMS High
CVE-2022-0153 was published for forkcms/forkcms (Composer) Mar 25, 2022
SQL Injection in Yeswiki High
CVE-2021-43091 was published for yeswiki/yeswiki (Composer) Mar 26, 2022
SQL Injection in Moodle High
CVE-2022-0983 was published for moodle/moodle (Composer) Mar 26, 2022
Integer Overflow or Wraparound in Microweber High
CVE-2022-1036 was published for microweber/microweber (Composer) Mar 23, 2022
Unrestricted Upload of File with Dangerous Type in ShowDoc High
CVE-2022-1034 was published for showdoc/showdoc (Composer) Mar 23, 2022
Insufficient Session Expiration in Admidio High
CVE-2022-0991 was published for admidio/admidio (Composer) Mar 20, 2022
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
Account Takeover in Octobercms High
CVE-2021-32648 was published for october/system (Composer) Aug 30, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Denial of service in microweber High
CVE-2022-0961 was published for microweber/microweber (Composer) Mar 16, 2022
Integer Overflow in microweber High
CVE-2022-0968 was published for microweber/microweber (Composer) Mar 16, 2022
Stored Cross-site Scripting in grav High
CVE-2022-0970 was published for getgrav/grav (Composer) Mar 16, 2022
Cross-site Scripting in microweber High
CVE-2022-0930 was published for microweber/microweber (Composer) Mar 13, 2022
Insufficient Session Expiration in Sylius High
CVE-2022-24743 was published for sylius/sylius (Composer) Mar 14, 2022
Integer Overflow or Wraparound in Microweber High
CVE-2022-0913 was published for microweber/microweber (Composer) Mar 12, 2022
ProTip! Advisories are also available from the GraphQL API