GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
461 advisories
Filter by severity
SQL injection in pagekit/pagekit
Critical
CVE-2021-44135
was published
for
pagekit/pagekit
(Composer)
Apr 2, 2022
Remote code injection in dompdf/dompdf
Critical
CVE-2022-28368
was published
for
dompdf/dompdf
(Composer)
Apr 4, 2022
elFinder Unrestricted File Upload vulnerability
Critical
CVE-2021-43421
was published
for
studio-42/elfinder
(Composer)
Apr 8, 2022
Remote Code Execution in Laravel
Critical
CVE-2021-43503
was published
for
laravel/laravel
(Composer)
Apr 9, 2022
•
withdrawn
RCE in Studio-42 elFinder on Windows before 2.1.61
Critical
CVE-2022-27115
was published
for
studio-42/elfinder
(Composer)
Apr 12, 2022
Typo3 Authentication Bypass
Critical
CVE-2011-4628
was published
for
typo3/cms
(Composer)
Apr 22, 2022
Smarty3 Arbitrary PHP Code Execution
Critical
CVE-2011-1028
was published
for
smarty/smarty
(Composer)
Apr 22, 2022
Typo3 SQL injection due to faulty prepared statements
Critical
CVE-2011-3583
was published
for
typo3/cms
(Composer)
Apr 22, 2022
Drupal SQL Injection vulnerability
Critical
CVE-2011-2715
was published
for
drupal/core
(Composer)
Apr 22, 2022
ImpressPages CMS RCE
Critical
CVE-2011-4943
was published
for
impresspages/impresspages
(Composer)
Apr 22, 2022
Cross site scripting in facturascripts
Critical
CVE-2022-1457
was published
for
neorazorx/facturascripts
(Composer)
Apr 26, 2022
Cross site scripting in FacturaScripts
Critical
CVE-2022-1514
was published
for
facturascripts/facturascripts
(Composer)
Apr 29, 2022
Object state limitation has no effect
Critical
GHSA-5x4f-7xgq-r42x
was published
for
ezsystems/ezpublish-kernel
(Composer)
Apr 29, 2022
Object state limitation has no effect
Critical
GHSA-gvj8-4cj4-h776
was published
for
ibexa/core
(Composer)
Apr 29, 2022
Object state limitation has no effect
Critical
GHSA-w8qp-hmh5-4v9v
was published
for
ezsystems/ezplatform-kernel
(Composer)
Apr 29, 2022
Incorrect Permission Assignment for Critical Resource in ShopXO
Critical
CVE-2022-28056
was published
for
shopxo/shopxo
(Composer)
May 3, 2022
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2021-23592
was published
for
topthink/framework
(Composer)
May 7, 2022
elFinder Path Traversal vulnerability
Critical
CVE-2018-9109
was published
for
studio-42/elfinder
(Composer)
May 13, 2022
Directory Traversal in Studio 42 elFinder
Critical
CVE-2018-9110
was published
for
studio-42/elfinder
(Composer)
May 13, 2022
Contao Does Not Expire Tokens Correctly
Critical
CVE-2019-10643
was published
for
contao/contao
(Composer)
May 13, 2022
Codiad remote code execution vulnerability
Critical
CVE-2018-14009
was published
for
codiad/codiad
(Composer)
May 13, 2022
Dolibarr SQL Injection vulnerability
Critical
CVE-2018-9019
was published
for
dolibarr/dolibarr
(Composer)
May 13, 2022
Elefant CMS PHP Code Execution Vulnerability
Critical
CVE-2018-16975
was published
for
elefant/cms
(Composer)
May 13, 2022
TeamPass Storing Passwords in a Recoverable Format vulnerability
Critical
CVE-2019-1000001
was published
for
nilsteampassnet/teampass
(Composer)
May 13, 2022
ThinkAdmin Administrator cookies still working after password change
Critical
CVE-2019-11018
was published
for
zoujingli/thinkadmin
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API