Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled Critical
CVE-2024-56145 was published for craftcms/cms (Composer) Dec 18, 2024
akues-an
Dolibarr vulnerable to Eval Injection Critical
CVE-2022-40871 was published for dolibarr/dolibarr (Composer) Oct 12, 2022
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
Craft CMS Allows Remote Code Execution Critical
CVE-2025-32432 was published for craftcms/cms (Composer) Apr 25, 2025
phpMyAdmin Code Injection vulnerability Critical
CVE-2016-5734 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Zenario uses Twig filters insecurely in the Twig Snippet plugin Critical
CVE-2024-34461 was published for tribalsystems/zenario (Composer) May 4, 2024
Code Injection in thorsten/phpmyfaq Critical
CVE-2023-0788 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Moodle Session Fixation vulnerability Critical
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Mautic allows Remote Code Execution and File Deletion in Asset Uploads Critical
CVE-2024-47051 was published for mautic/core (Composer) Feb 26, 2025
mallo-m patrykgruszka
Code Injection in PHPUnit Critical
CVE-2017-9841 was published for phpunit/phpunit (Composer) Mar 26, 2022
donatj
WWBN AVideo Remote Code Execution Critical
CVE-2024-31819 was published for wwbn/avideo (Composer) Apr 10, 2024
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7602 was published for drupal/core (Composer) Apr 23, 2024
Arbitrary Code Execution in TYPO3 CMS Critical
GHSA-67wg-6j7r-mqh8 was published for typo3/cms (Composer) Jun 5, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-jf8c-36vw-98x4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer) May 15, 2024
Subrion CMS PHP Object Injection Critical
CVE-2017-5543 was published for intelliants/subrion (Composer) May 14, 2022
Smarty PHP code injection Critical
CVE-2017-1000480 was published for smarty/smarty (Composer) May 14, 2022
Dolibarr remote PHP code execution Critical
CVE-2021-33816 was published for dolibarr/dolibarr (Composer) May 24, 2022
yii2-redis Potential Remote code execution Critical
CVE-2018-8073 was published for yiisoft/yii2-redis (Composer) May 14, 2022
Moodle remote code execution Critical
CVE-2022-40314 was published for moodle/moodle (Composer) Oct 1, 2022
Elefant CMS PHP Code Execution Vulnerability Critical
CVE-2018-16975 was published for elefant/cms (Composer) May 13, 2022
phpWhois arbitrary code execution via a crafted whois record Critical
CVE-2015-5243 was published for brightlocal/phpwhois (Composer) May 14, 2022
Drupal PECL YAML parser unsafe object handling Critical
CVE-2017-6920 was published for drupal/core (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database