GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,082 advisories
Filter by severity
Path traversal in pimcore/pimcore
High
CVE-2021-23340
was published
for
pimcore/pimcore
(Composer)
Feb 25, 2021
Unexpected database bindings
High
GHSA-x7p5-p2c9-phvg
was published
for
illuminate/database
(Composer)
Feb 2, 2021
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
High
CVE-2018-10189
was published
for
mautic/core
(Composer)
Jan 19, 2021
Disabled users able to log in with third party SSO plugin
High
CVE-2017-1000489
was published
for
mautic/core
(Composer)
Jan 19, 2021
Query Binding Exploitation
High
CVE-2021-21263
was published
for
illuminate/database
(Composer)
Jan 19, 2021
Cleartext storage of session identifier
High
CVE-2020-26228
was published
for
typo3/cms
(Composer)
Nov 23, 2020
Local File Inclusion by unauthenticated users
High
CVE-2020-15246
was published
for
october/cms
(Composer)
Nov 23, 2020
Cross-Site Scripting through Fluid view helper arguments
High
CVE-2020-26216
was published
for
typo3fluid/fluid
(Composer)
Nov 18, 2020
Exploitable inventory component chaining in PocketMine-MP
High
GHSA-8jq6-w5cg-wm45
was published
for
pocketmine/pocketmine-mp
(Composer)
Nov 11, 2020
RCE via PHP Object injection via SOAP Requests
High
CVE-2020-15244
was published
for
openmage/magento-lts
(Composer)
Oct 30, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
Inline attribute values were not processed.
High
CVE-2020-15263
was published
for
orchid/platform
(Composer)
Oct 19, 2020
Potential Remote Code Execution vulnerability
High
CVE-2020-15227
was published
for
nette/application
(Composer)
Oct 2, 2020
Unsafe deserialization in Yii 2
High
CVE-2020-15148
was published
for
yiisoft/yii2
(Composer)
Sep 15, 2020
Potential XSS injection In PrestaShop contactform
High
CVE-2020-15178
was published
for
prestashop/contactform
(Composer)
Sep 15, 2020
DataTable Vulnerable to Cross-Site Scripting
High
CVE-2015-6584
was published
for
datatables
(Composer)
Aug 31, 2020
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
Remote code execution in turn extension for TYPO3
High
CVE-2020-15515
was published
for
marcwillmann/turn
(Composer)
Jul 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API