GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
97 advisories
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Severity: Critical. CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer) on Jan 6, 2023.

Microweber vulnerable to cross-site scripting (XSS)
Severity: Moderate. CVE-2023-2014 was published for microweber/microweber (Composer) on Apr 13, 2023.

Spoon Library as used in Fork CMS allows PHP object injection
Severity: Critical. CVE-2019-15521 was published for spoon/library (Composer) on May 24, 2022.

phpMyAdmin micro history Implementation XSS Vulnerability
Severity: Moderate. CVE-2014-6300 was published for phpmyadmin/phpmyadmin (Composer) on May 14, 2022.

phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page
Severity: Moderate. CVE-2014-8326 was published for phpmyadmin/phpmyadmin (Composer) on May 14, 2022.

Moodle Reveals Student Information Meant To Be Anonymous
Severity: Moderate. CVE-2014-0215 was published for moodle/moodle (Composer) on May 13, 2022.

DCE extension for Typo3 Discloses Environment Information
Severity: Moderate. CVE-2014-8328 was published for t3/dce (Composer) on May 17, 2022.

MAGMI plugin for Magento Unsafe File Upload
Severity: High. CVE-2014-8770 was published for dweeves/magmi (Composer) on May 14, 2022.

Subrion CMS Cross-site scripting in search
Severity: Moderate. CVE-2014-9120 was published for intelliants/subrion (Composer) on May 14, 2022.

phpMyAdmin cross-site scripting vulnerability in crafted view name
Severity: Low. CVE-2014-5274 was published for phpmyadmin/phpmyadmin (Composer) on May 14, 2022.

phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
Severity: Low. CVE-2014-4986 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022.

CodeIgniter and Kohana vulnerable to PHP Object Injection
Severity: Critical. CVE-2014-8684 was published for codeigniter/framework (Composer) on May 17, 2022.

phpMyAdmin cross-site scripting Vulnerability via ENUM value
Severity: Low. CVE-2014-7217 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022.

ImpressCMS Path Traversal to Arbitrary File Delete
Severity: Moderate. CVE-2014-1836 was published for impresscms/impresscms (Composer) on May 17, 2022.

Typo3 Vulnerable to Cache Poisoning
Severity: High. CVE-2014-9509 was published for typo3/cms (Composer) on May 17, 2022.

Pimcore Vulnerable to PHP Object Injection Attacks
Severity: High. CVE-2014-2921 was published for pimcore/pimcore (Composer) on May 17, 2022.

ImpressCMS Cross-site scripting Vulnerability
Severity: Moderate. CVE-2014-4036 was published for impresscms/impresscms (Composer) on May 17, 2022.

TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Severity: Low. CVE-2013-7074 was published for typo3/cms (Composer) on May 17, 2022.

TYPO3 OpenID extension Open redirect vulnerability
Severity: Moderate. CVE-2013-7079 was published for friendsoftypo3/openid (Composer) on May 17, 2022.

TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
Severity: Moderate. CVE-2013-7073 was published for typo3/cms (Composer) on May 17, 2022.

TYPO3 Improper Access Control vulnerability
Severity: Moderate. CVE-2013-7081 was published for typo3/cms-core (Composer) on May 17, 2022.

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
Severity: Moderate. CVE-2013-7080 was published for typo3/cms-core (Composer) on May 17, 2022.

TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
Severity: Moderate. CVE-2013-7075 was published for typo3/cms (Composer) on May 17, 2022.

PHPExcel vulnerable to XXE attacks through libxml
Severity: Moderate. CVE-2014-2054 was published for phpoffice/phpexcel (Composer) on May 17, 2022.

Several Zend Products Vulnerable to XXE and XEE attacks
Severity: Moderate. CVE-2014-2683 was published for zendframework/zendframework1 (Composer) on May 14, 2022.
ProTip! Advisories are also available from the GraphQL API.