GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,333
Erlang: 31
GitHub Actions: 22
Go: 2,095
Maven: 5,000+
npm: 3,760
NuGet: 678
pip: 3,446
Pub: 12
RubyGems: 892
Rust: 882
Swift: 37

Unreviewed advisories
All unreviewed: 5,000+
10,785 advisories

phpMyAdmin Cookie attribute injection attack
High. CVE-2017-1000016 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022.

phpMyAdmin Denial of Service (DoS)
Moderate. CVE-2016-9860 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022.

phpMyAdmin Improper Input Validation
Moderate. CVE-2016-2562 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022.

CodeIgniter HTTP Header Injection
High. CVE-2017-1000247 was published for codeigniter4/framework (Composer) on May 17, 2022.

Heketi Arbitrary Code Execution
High. CVE-2017-15103 was published for github.com/heketi/heketi (Go) on Apr 24, 2024.

Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability...
Moderate, Unreviewed. CVE-2024-4175 was published on Apr 25, 2024.

EC-CUBE Improper input validation vulnerability
High. CVE-2020-5680 was published for ec-cube/ec-cube (Composer) on May 24, 2022.

SimpleSAMLphp InfoCard module Incorrect signature verification
High. CVE-2017-12874 was published for simplesamlphp/simplesamlphp-module-infocard (Composer) on May 14, 2022.

Froxlor arbitrary code execution via the database configuration options
High. CVE-2020-10235 was published for froxlor/froxlor (Composer) on May 24, 2022.

GeniXCMS denial of service (account blockage)
Moderate. CVE-2017-14231 was published for genix/cms (Composer) on May 17, 2022.

Froxlor Information Disclosure
Moderate. CVE-2020-10236 was published for froxlor/froxlor (Composer) on May 24, 2022.

SimpleSAMLphp Authentication context bypass in the multiauth module
High. CVE-2017-12869 was published for simplesamlphp/simplesamlphp (Composer) on May 14, 2022.

Symfony SSRF Vulnerability via Form Component
Moderate. CVE-2017-16790 was published for symfony/form (Composer) on May 14, 2022.

Codiad remote code execution vulnerability
Critical. CVE-2018-14009 was published for codiad/codiad (Composer) on May 13, 2022.

Laravel does not properly constrain the host portion of a password-reset URL
Moderate. CVE-2017-9303 was published for illuminate/auth (Composer) on May 17, 2022.

PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing...
Moderate, Unreviewed. CVE-2019-17069 was published on May 24, 2022.

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows...
High, Unreviewed. CVE-2019-10191 was published on May 24, 2022.

The cause of vulnerability is improper validation of form input field “Name” on Graph page in...
Moderate, Unreviewed. CVE-2024-22119 was published on Feb 9, 2024.

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS...
Critical, Unreviewed. CVE-2024-3400 was published on Apr 12, 2024.

Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
High. CVE-2023-36821 was published for uptime-kuma (npm) on May 1, 2024.

The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function...
Moderate, Unreviewed. CVE-2016-3739 was published on May 14, 2022.

A crafted response from an upstream server the recursor has been configured to forward-recurse to...
High, Unreviewed. CVE-2024-25583 was published on Apr 25, 2024.

An Improper input validation vulnerability that could potentially lead to privilege escalation...
Critical, Unreviewed. CVE-2024-4142 was published on May 1, 2024.

Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Moderate. CVE-2022-47894 was published for org.apache.zeppelin:sap (Maven) on Apr 9, 2024.

ProTip! Advisories are also available from the GraphQL API.