GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Critical
CVE-2023-22731
was published
for
shopware/core
(Composer)
Jan 17, 2023
Code Injection in SEOmatic
Critical
CVE-2021-41749
was published
for
nystudio107/craft-seomatic
(Composer)
Jun 13, 2022
Badaso vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-41705
was published
for
badaso/core
(Composer)
Nov 25, 2022
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Critical
CVE-2022-39365
was published
for
pimcore/pimcore
(Composer)
Oct 29, 2022
Potential Code Injection in Sprout Forms
Critical
CVE-2020-11056
was published
for
barrelstrength/sprout-base-email
(Composer)
May 8, 2020
Unauthenticated remote code execution in Ignition
Critical
CVE-2021-3129
was published
for
facade/ignition
(Composer)
Mar 29, 2021
Code injection in codiad
Critical
CVE-2019-19208
was published
for
codiad/codiad
(Composer)
Sep 1, 2021
Server Side Twig Template Injection
Critical
CVE-2022-21686
was published
for
prestashop/prestashop
(Composer)
Jan 27, 2022
Code Injection in thorsten/phpmyfaq
Critical
CVE-2023-0788
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
Remote code execution in Funadmin
Critical
CVE-2023-24776
was published
for
funadmin/funadmin
(Composer)
Mar 6, 2023
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical
CVE-2022-44136
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Centreon RCE Vulnerability
Critical
CVE-2018-11587
was published
for
centreon/centreon
(Composer)
May 14, 2022
Craft CMS Remote Code Injection
Critical
CVE-2021-27903
was published
for
craftcms/cms
(Composer)
Jul 2, 2021
nterchange Code Injection vulnerability
Critical
CVE-2015-10009
was published
for
nonfiction/nterchange
(Composer)
Jan 2, 2023
Cachet vulnerable to Authenticated Remote Code Execution
Critical
CVE-2023-43661
was published
for
cachethq/cachet
(Composer)
Oct 16, 2023
Grav Server Side Template Injection (SSTI) vulnerability
Critical
CVE-2023-34251
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
TeamPass Code Injection vulnerability
Critical
CVE-2023-3551
was published
for
nilsteampassnet/teampass
(Composer)
Jul 8, 2023
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Critical
CVE-2023-32692
was published
for
codeigniter4/framework
(Composer)
May 22, 2023
October CMS safe mode bypass using Twig sandbox escape
Critical
CVE-2023-44382
was published
for
october/system
(Composer)
Nov 29, 2023
Craft CMS Remote Code Execution vulnerability
Critical
CVE-2023-41892
was published
for
craftcms/cms
(Composer)
Sep 13, 2023
Magento php object injection vulnerability
Critical
CVE-2020-9664
was published
for
magento/core
(Composer)
May 24, 2022
ImpressPages CMS RCE
Critical
CVE-2011-4943
was published
for
impresspages/impresspages
(Composer)
Apr 22, 2022
Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical
CVE-2022-24711
was published
for
codeigniter4/framework
(Composer)
Mar 1, 2022
Symfony Unsafe Cache Serialization Could Enable RCE
Critical
CVE-2019-18889
was published
for
symfony/cache
(Composer)
Dec 2, 2019
Code Injection in PHPUnit
Critical
CVE-2017-9841
was published
for
phpunit/phpunit
(Composer)
Mar 26, 2022
ProTip!
Advisories are also available from the
GraphQL API