GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
477 advisories
Ibexa DXP users with the Company admin role can assign any role to any user
Critical • GHSA-g6jc-xrc3-4wwq was published for ibexa/admin-ui (Composer) Nov 10, 2022

Ibexa DXP users with the Company admin role can assign any role to any user
Critical • GHSA-394j-x37r-2q27 was published for ibexa/core (Composer) Nov 10, 2022

ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical • GHSA-7644-cxp8-h23r was published for ibexa/admin-ui (Composer) Nov 10, 2022

ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Critical • GHSA-58h5-h554-429q was published for ezsystems/ezplatform-admin-ui (Composer) Nov 10, 2022

GraphQL queries can expose password hashes
Critical • GHSA-3p7g-wrgg-wq45 was published for ibexa/graphql (Composer) Nov 10, 2022

Centreon vulnerable to SQL Injection
Critical • CVE-2022-3827 was published for centreon/centreon (Composer) Nov 2, 2022

easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical • CVE-2022-3771 was published for noumo/easyii (Composer) Oct 31, 2022

phpMyFAQ contains Weak Password Requirements
Critical • CVE-2022-3754 was published for thorsten/phpmyfaq (Composer) Oct 29, 2022

RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Critical • CVE-2022-39365 was published for pimcore/pimcore (Composer) Oct 29, 2022

Badaso vulnerable to Remote Code Execution via malicious file upload
Critical • CVE-2022-41711 was published for badaso/core (Composer) Oct 26, 2022

Dolibarr vulnerable to Eval Injection
Critical • CVE-2022-40871 was published for dolibarr/dolibarr (Composer) Oct 12, 2022

TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Critical • CVE-2018-17057 was published for fooman/tcpdf (Composer) Oct 6, 2022

Moodle remote code execution
Critical • CVE-2022-40314 was published for moodle/moodle (Composer) Oct 1, 2022

Moodle Minor SQL injection risk in admin user browsing
Critical • CVE-2022-40315 was published for moodle/moodle (Composer) Oct 1, 2022

Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type
Critical • CVE-2022-38916 was published for pagekit/pagekit (Composer) Sep 21, 2022

ThinkPHP deserialization vulnerability
Critical • CVE-2022-38352 was published for topthink/framework (Composer) Sep 16, 2022

Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Critical • CVE-2022-36376 was published for rankmath/seo-by-rank-math (Composer) Sep 10, 2022

FeehiCMS has an arbitrary file upload vulnerability
Critical • CVE-2020-21516 was published for feehi/cms (Composer) Sep 7, 2022

Magento XML Injection vulnerability in the Widgets Module
Critical • CVE-2022-34253 was published for magento/community-edition (Composer) Aug 17, 2022

Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Critical • CVE-2022-2713 was published for aheinze/cockpit (Composer) Aug 9, 2022

PrestaShop eval injection possible if shop vulnerable to SQL injection
Critical • CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022

Moodle PostScript Code Injection
Critical • CVE-2022-35649 was published for moodle/moodle (Composer) Jul 26, 2022

Duplicate Advisory GHSA-hrgx-p36p-89q4
Critical • CVE-2022-36408 was published for prestashop/prestashop (Composer) Jul 23, 2022 • withdrawn

Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Critical • GHSA-m58q-qq5h-mgqq was published for islandora/islandora (Composer) Jul 21, 2022

SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
Critical • CVE-2022-35628 was published for in2code/lux (Composer) Jul 15, 2022

ProTip! Advisories are also available from the GraphQL API.