GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,057 advisories
Filter by severity
Improperly checked metadata on tools/armour itemstacks received from the client
High
GHSA-46c5-pfj8-fv65
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
Possible SQL injection in tablelookupwizard Contao Extension
High
GHSA-v3mr-gp7j-pw5w
was published
for
terminal42/contao-tablelookupwizard
(Composer)
Feb 10, 2022
Unhandled exception when decoding form response JSON
High
GHSA-wjfq-88q2-r34j
was published
for
pocketmine/pocketmine-mp
(Composer)
Jan 21, 2022
IBX-1392: Image filenames sanitization
High
GHSA-44m4-9cjp-j587
was published
for
ezsystems/ezpublish-kernel
(Composer)
Jan 21, 2022
Unchecked validity of Facing values in PlayerActionPacket
High
GHSA-xh99-hw7h-wf63
was published
for
pocketmine/pocketmine-mp
(Composer)
Jan 13, 2022
Uncapped length of skin data fields submitted by players
High
GHSA-c6fg-99pr-25m9
was published
for
pocketmine/pocketmine-mp
(Composer)
Jan 6, 2022
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
High
GHSA-wqqv-jcfr-9f5g
was published
for
pocketmine/pocketmine-mp
(Composer)
Jan 9, 2023
CSV injection in Craft CMS
High
GHSA-xrpj-f9v6-2332
was published
for
craftcms/cms
(Composer)
Oct 4, 2021
•
withdrawn
Private files publicly accessible with Cloud Storage providers
High
GHSA-vrf2-xghr-j52v
was published
for
shopware/core
(Composer)
Jun 28, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-gqcf-83rq-gpfr
was published
for
ibexa/post-install
(Composer)
Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-2rh5-jvgx-pgw3
was published
for
ezsystems/ezplatform
(Composer)
Sep 14, 2021
Content object state fetch functions open to SQL injection
High
GHSA-jpwx-ffjq-wr4w
was published
for
ezsystems/ezpublish-legacy
(Composer)
Sep 7, 2021
User can obtain JWT token even if account is disabled
High
GHSA-36mj-6r7r-mqhf
was published
for
ezsystems/ezplatform-rest
(Composer)
Sep 29, 2021
/user/sessions endpoint allows detecting valid accounts
High
GHSA-gmrf-99gw-vvwj
was published
for
ezsystems/ezpublish-kernel
(Composer)
Mar 11, 2021
NaN/INF in serverbound movement packets can crash clients and servers
High
GHSA-fm35-jgg3-3grx
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database
High
GHSA-4mg9-vhxq-vm7j
was published
for
illuminate/database
(Composer)
Apr 29, 2021
Inline attribute values were not processed.
High
CVE-2020-15263
was published
for
orchid/platform
(Composer)
Oct 19, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
Cross-site scripting in eZ Platform Kernel
High
GHSA-mrvj-7q4f-5p42
was published
for
ezsystems/ezplatform-kernel
(Composer)
Mar 19, 2021
/user/sessions endpoint allows detecting valid accounts
High
GHSA-7vwg-39h8-8qp8
was published
for
ezsystems/ezplatform-rest
(Composer)
Mar 11, 2021
Unexpected database bindings
High
GHSA-x7p5-p2c9-phvg
was published
for
illuminate/database
(Composer)
Feb 2, 2021
Exploitable inventory component chaining in PocketMine-MP
High
GHSA-8jq6-w5cg-wm45
was published
for
pocketmine/pocketmine-mp
(Composer)
Nov 11, 2020
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
Remote Code Execution Through Image Uploads in BookStack
High
CVE-2020-5256
was published
for
ssddanbrown/bookstack
(Composer)
Mar 13, 2020
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
High
GHSA-f884-gm86-cg3q
was published
for
prestashop/ps_facetedsearch
(Composer)
Jan 7, 2020
ProTip!
Advisories are also available from the
GraphQL API