Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,948
Erlang
29
GitHub Actions
16
Go
1,739
Maven
4,967
npm
3,504
NuGet
607
pip
3,064
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+

460 advisories

Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls Critical
CVE-2019-14537 was published for yourls/yourls (Composer) Sep 23, 2019
SQL Injection in SimpleSAMLphp Critical
CVE-2019-15537 was published for cesnet/simplesamlphp-module-proxystatistics (Composer) Nov 8, 2019
Remote code execution via vulnerable Symphony dependecy injection Critical
CVE-2019-8135 was published for magento/community-edition (Composer) Nov 12, 2019
Missing warning can lead to unauthenticated admin access in SilverStripe Critical
CVE-2019-12204 was published for silverstripe/cms (Composer) Nov 12, 2019
Symfony Service IDs Allow Injection Critical
CVE-2019-10910 was published for symfony/dependency-injection (Composer) Nov 18, 2019
SQL Injection in usmanhalalit/pixie Critical
CVE-2019-10766 was published for usmanhalalit/pixie (Composer) Nov 20, 2019
Symfony Unsafe Cache Serialization Could Enable RCE Critical
CVE-2019-18889 was published for symfony/cache (Composer) Dec 2, 2019
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony Critical
CVE-2019-10913 was published for symfony/http-foundation (Composer) Dec 2, 2019
SQL injection in phpMyAdmin Critical
CVE-2019-18622 was published for phpmyadmin/phpmyadmin (Composer) Jan 16, 2020
Remote code execution in verot/class.upload.php Critical
CVE-2019-19576 was published for verot/class.upload.php (Composer) Jan 16, 2020
Incorrect persistent NameID generation in SimpleSAMLphp Critical
CVE-2017-12873 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
SQL injection in Centreon Critical
CVE-2019-16194 was published for centreon/centreon (Composer) Feb 11, 2020
Improper Input Validation in Symfony Critical
CVE-2019-11325 was published for symfony/symfony (Composer) Feb 12, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions Critical
CVE-2019-19634 was published for verot/class.upload.php (Composer) Feb 28, 2020
Remote code execution in PHPMailer Critical
CVE-2016-10045 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Remote code execution in PHPMailer Critical
CVE-2016-10033 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Potential Code Injection in Sprout Forms Critical
CVE-2020-11056 was published for barrelstrength/sprout-base-email (Composer) May 8, 2020
llamaonsecurity
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic Critical
CVE-2020-35124 was published for mautic/core (Composer) Jan 19, 2021
nvn1729
Steam Socialite Provider v1 does not correctly validate openid server Critical
GHSA-hhw9-35p2-q2c5 was published for socialiteproviders/steam (Composer) Jan 29, 2021
MadMikeyB
Leak of information via Store-API Critical
GHSA-f2vv-h5x4-57gr was published for shopware/platform (Composer) Feb 10, 2021
October CMS Session ID not invalidated after logout Critical
CVE-2021-3311 was published for october/rain (Composer) Feb 10, 2021
PHP Code Injection by malicious function name in smarty Critical
CVE-2021-26120 was published for smarty/smarty (Composer) Feb 26, 2021
stevenseeley
Unauthenticated remote code execution in Ignition Critical
CVE-2021-3129 was published for facade/ignition (Composer) Mar 29, 2021
ProTip! Advisories are also available from the GraphQL API