Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,838
Erlang
36
GitHub Actions
33
Go
2,460
Maven
5,000+
npm
4,082
NuGet
723
pip
3,873
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
Contao: Insufficient BBCode sanitizer Moderate
CVE-2024-28234 was published for contao/comments-bundle (Composer) Apr 9, 2024
m-vo
Contao: Unencoded insert tags in the frontend Low
CVE-2024-28191 was published for contao/core-bundle (Composer) Apr 9, 2024
Pimcore Host Header Injection in user invitation link High
CVE-2024-25625 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 20, 2024
oussama-rahali
MantisBT Host Header Injection vulnerability High
CVE-2024-23830 was published for mantisbt/mantisbt (Composer) Feb 20, 2024
dregad Kerkroups
shaozi plmaltais atrol
Craft CMS Feed-Me High
CVE-2023-36260 was published for craftcms/cms (Composer) Jan 30, 2024
Host header injection in the password reset High
CVE-2024-23648 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 24, 2024
Mathisca
Magnesium-PHP Injection vulnerability Low
CVE-2017-20187 was published for floriangaerber/magnesium (Composer) Nov 5, 2023
Dolibarr Improper Input Validation vulnerability High
CVE-2023-4197 was published for dolibarr/dolibarr (Composer) Nov 1, 2023
juzawebCMS Injection vulnerability High
CVE-2023-46468 was published for juzaweb/cms (Composer) Oct 28, 2023
Cachet vulnerable to Authenticated Remote Code Execution Critical
CVE-2023-43661 was published for cachethq/cachet (Composer) Oct 16, 2023
rive-n
Composer Remote Code Execution vulnerability via web-accessible composer.phar High
CVE-2023-43655 was published for composer/composer (Composer) Sep 29, 2023
thomas-chauchefoin-sonarsource
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
awakerrday
omeka/omeka-s Improper Input Validation vulnerability Moderate
CVE-2023-4157 was published for omeka/omeka-s (Composer) Aug 4, 2023
grav Server-side Template Injection (SSTI) mitigation bypass High
CVE-2023-37897 was published for getgrav/grav (Composer) Jul 19, 2023
s4ex Malayke
zenstruck/collection passing callable string to EntityRepository::find() and query() High
CVE-2023-37473 was published for zenstruck/collection (Composer) Jul 14, 2023
kbond
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension High
CVE-2023-32679 was published for craftcms/cms (Composer) May 22, 2023
awakerrday
Froxlor vulnerable to Argument Injection Moderate
CVE-2022-4864 was published for froxlor/froxlor (Composer) Dec 31, 2022
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
Feehi CMS host header injection vulnerability Moderate
CVE-2022-38796 was published for feehi/cms (Composer) Sep 15, 2022
Known vulnerable to account takeover via host header injection attack in v1.3.1 High
CVE-2022-33011 was published for idno/known (Composer) Jul 9, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
Command injection in librenms High
CVE-2022-29712 was published for librenms/librenms (Composer) Jun 3, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection High
CVE-2020-12790 was published for nystudio107/craft-seomatic (Composer) May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector Moderate
CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022
anonymous4ACL24
Fat-Free Framework arbitrary code execution Critical
CVE-2020-5203 was published for bcosca/fatfree (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database