Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,045 advisories

Improper Encoding or Escaping of Output and Injection in LibreNMS High
CVE-2019-12463 was published for librenms/librenms (Composer) Oct 11, 2019
Path Traversal in LibreNMS High
CVE-2019-12464 was published for librenms/librenms (Composer) Oct 11, 2019
SQL Injection in LibreNMS High
CVE-2019-12465 was published for librenms/librenms (Composer) Oct 11, 2019
SQL Injection in LibreNMS High
CVE-2019-10671 was published for librenms/librenms (Composer) Oct 11, 2019
Signature validation bypass in XmlSecLibs High
CVE-2019-3465 was published for robrichards/xmlseclibs (Composer) Nov 8, 2019
Using JS libraries with known security vulnerabilities High
CVE-2019-8121 was published for magento/community-edition (Composer) Nov 12, 2019
Unauthenticated crypto and weak IV in Magento\Framework\Encryption High
CVE-2016-6485 was published for magento/community-edition (Composer) Nov 20, 2019
Timing attacks might allow practical recovery of the long-term private key High
CVE-2019-10764 was published for simplito/elliptic-php (Composer) Nov 20, 2019
XXE in PHPSpreadsheet due to encoding issue High
CVE-2018-19277 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue High
CVE-2019-12331 was published for phpoffice/phpspreadsheet (Composer) Nov 20, 2019
MarkLee131
Argument injection in a MimeTypeGuesser in Symfony High
CVE-2019-18888 was published for symfony/http-foundation (Composer) Dec 2, 2019
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data High
CVE-2019-6338 was published for drupal/drupal (Composer) Dec 2, 2019
Unsafe deserialization in SmtpTransport in CakePHP High
CVE-2019-11458 was published for cakephp/cakephp (Composer) Dec 2, 2019
ravage84
Unrestricted file uploads in Contao High
CVE-2019-19745 was published for contao/contao (Composer) Dec 17, 2019
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841 High
GHSA-f884-gm86-cg3q was published for prestashop/ps_facetedsearch (Composer) Jan 7, 2020
PrestaShop autoupgrade module ZIP archives were vulnerable from CVE-2017-9841 High
GHSA-wqq8-mqj9-697f was published for prestashop/autoupgrade (Composer) Jan 8, 2020
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841 High
GHSA-769f-539v-f5jg was published for prestashop/gamification (Composer) Jan 8, 2020
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
ohader
Deserialization of untrusted data in Symfony High
CVE-2019-10912 was published for symfony/cache (Composer) Feb 12, 2020
Improper authentication in Symfony High
CVE-2019-10911 was published for symfony/security (Composer) Feb 12, 2020
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle High
CVE-2020-5237 was published for oneup/uploader-bundle (Composer) Feb 18, 2020
Private data exposure via REST API in BuddyPress High
CVE-2020-5244 was published for buddypress/buddypress (Composer) Feb 24, 2020
Phar object injection in PHPMailer High
CVE-2018-19296 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Remote Code Execution Through Image Uploads in BookStack High
CVE-2020-5256 was published for ssddanbrown/bookstack (Composer) Mar 13, 2020
inc0x0 thiagomayllart
Firewall configured with unanimous strategy was not actually unanimous in Symfony High
CVE-2020-5275 was published for symfony/security (Composer) Mar 30, 2020
ajgarlag chalasr
ProTip! Advisories are also available from the GraphQL API