GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
104 advisories
Server Side Template Injection (SSTI)
High | CVE-2024-28117 was published for getgrav/grav (Composer) | Mar 22, 2024

Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
High | CVE-2024-28116 was published for getgrav/grav (Composer) | Mar 22, 2024

Code injection in REDAXO
High | CVE-2024-25298 was published for redaxo/source (Composer) | Feb 17, 2024

TYPO3 Install Tool vulnerable to Code Execution
High | CVE-2024-22188 was published for typo3/cms-core (Composer) | Feb 13, 2024

Arbitrary Code Execution in Processwire
High | CVE-2023-24676 was published for processwire/processwire (Composer) | Jan 24, 2024

Statamic CMS vulnerable to remote code execution via form uploads
High | CVE-2023-48217 was published for statamic/cms (Composer) | Nov 14, 2023

Moodle Code Injection vulnerability
High | CVE-2023-5540 was published for moodle/moodle (Composer) | Nov 9, 2023

Subrion remote command execution vulnerability
High | CVE-2023-46947 was published for intelliants/subrion (Composer) | Nov 3, 2023

Economizzer host header injection vulnerability
High | CVE-2023-38877 was published for gugoan/economizzer (Composer) | Sep 28, 2023

Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
High | CVE-2023-38886 was published for dolibarr/dolibarr (Composer) | Sep 20, 2023

Command injection in pagekit
High | CVE-2023-41005 was published for pagekit/pagekit (Composer) | Aug 29, 2023

Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability
High | CVE-2023-34253 was published for getgrav/grav (Composer) | Jun 16, 2023

Grav Server-side Template Injection (SSTI) via Twig Default Filters
High | CVE-2023-34252 was published for getgrav/grav (Composer) | Jun 16, 2023

Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
High | CVE-2023-30179 was published for craftcms/cms (Composer) | Jun 13, 2023 • withdrawn

Code injection in nilsteampassnet/teampass
High | CVE-2023-2859 was published for nilsteampassnet/teampass (Composer) | May 24, 2023

CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
High | CVE-2023-30130 was published for craftcms/cms (Composer) | May 12, 2023

teampass vulnerable to code injection
High | CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) | May 9, 2023

Improper Control of Generation of Code in Twig rendered views
High | CVE-2023-2017 was published for shopware/core (Composer) | Apr 18, 2023

Code Injection in alextselegidis/easyappointments
High | CVE-2023-1367 was published for alextselegidis/easyappointments (Composer) | Mar 13, 2023

Code Injection in froxlor/froxlor
High | CVE-2023-0877 was published for froxlor/froxlor (Composer) | Feb 17, 2023

froxlor is vulnerable to privilege escalation from customer to root via directory-options
High | CVE-2023-0671 was published for froxlor/froxlor (Composer) | Feb 4, 2023

Command injection in yiisoft/yii2-gii
High | CVE-2020-36655 was published for yiisoft/yii2-gii (Composer) | Jan 21, 2023

TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
High | CVE-2022-23503 was published for typo3/cms (Composer) | Dec 13, 2022

Akeneo PIM Community Edition vulnerable to remote php code execution
High | CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) | Dec 9, 2022

October CMS Safe Mode bypass leads to authenticated Remote Code Execution
High | CVE-2022-35944 was published for october/system (Composer) | Oct 13, 2022
ProTip! Advisories are also available from the GraphQL API.