Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

97 advisories

Loading
himiklab yii2-jqgrid-widget vulnerable to SQL Injection Critical
CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer) Jan 6, 2023
Microweber vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-2014 was published for microweber/microweber (Composer) Apr 13, 2023
Spoon Library as used in Fork CMS allows PHP object injection Critical
CVE-2019-15521 was published for spoon/library (Composer) May 24, 2022
phpMyAdmin micro history Implementation XSS Vulnerability Moderate
CVE-2014-6300 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page Moderate
CVE-2014-8326 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Moodle Reveals Student Information Meant To Be Anonymous Moderate
CVE-2014-0215 was published for moodle/moodle (Composer) May 13, 2022
DCE extension for Typo3 Discloses Environment Information Moderate
CVE-2014-8328 was published for t3/dce (Composer) May 17, 2022
MAGMI plugin for Magento Unsafe File Upload High
CVE-2014-8770 was published for dweeves/magmi (Composer) May 14, 2022
Subrion CMS Cross-site scripting in search Moderate
CVE-2014-9120 was published for intelliants/subrion (Composer) May 14, 2022
phpMyAdmin cross-site scripting vulnerability in crafted view name Low
CVE-2014-5274 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin cross-site scripting Vulnerability in Table or Column Names Low
CVE-2014-4986 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
CodeIgniter and Kohana vulnerable to PHP Object Injection Critical
CVE-2014-8684 was published for codeigniter/framework (Composer) May 17, 2022
phpMyAdmin cross-site scripting Vulnerability via ENUM value Low
CVE-2014-7217 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
ImpressCMS Path Traversal to Arbitrary File Delete Moderate
CVE-2014-1836 was published for impresscms/impresscms (Composer) May 17, 2022
Typo3 Vulnerable to Cache Poisoning High
CVE-2014-9509 was published for typo3/cms (Composer) May 17, 2022
Pimcore Vulnerable to PHP Object Injection Attacks High
CVE-2014-2921 was published for pimcore/pimcore (Composer) May 17, 2022
ImpressCMS Cross-site scripting Vulnerability Moderate
CVE-2014-4036 was published for impresscms/impresscms (Composer) May 17, 2022
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component Low
CVE-2013-7074 was published for typo3/cms (Composer) May 17, 2022
TYPO3 OpenID extension Open redirect vulnerability Moderate
CVE-2013-7079 was published for friendsoftypo3/openid (Composer) May 17, 2022
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component Moderate
CVE-2013-7073 was published for typo3/cms (Composer) May 17, 2022
TYPO3 Improper Access Control vulnerability Moderate
CVE-2013-7081 was published for typo3/cms-core (Composer) May 17, 2022
TYPO3 is vulnerable to Mass Assignment in the Extension table administration library Moderate
CVE-2013-7080 was published for typo3/cms-core (Composer) May 17, 2022
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component Moderate
CVE-2013-7075 was published for typo3/cms (Composer) May 17, 2022
PHPExcel vulnerable to XXE attacks through libxml Moderate
CVE-2014-2054 was published for phpoffice/phpexcel (Composer) May 17, 2022
Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2683 was published for zendframework/zendframework1 (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API