Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
55
GitHub Actions
50
Go
3,732
Maven
5,000+
npm
5,000+
NuGet
935
pip
4,952
Pub
13
RubyGems
1,055
Rust
1,343
Swift
54
Unreviewed advisories
All unreviewed
5,000+

1,597 advisories

Loading
Cross-Site Scripting through Fluid view helper arguments High
CVE-2020-26216 was published for typo3fluid/fluid (Composer) Nov 18, 2020
NamelessCoder Credited to NamelessCoder and jonaseberle jonaseberle jonaseberle
Exploitable inventory component chaining in PocketMine-MP High
GHSA-8jq6-w5cg-wm45 was published for pocketmine/pocketmine-mp (Composer) Nov 11, 2020
Muqsit Credited to Muqsit and CortexPE CortexPE CortexPE
RCE via PHP Object injection via SOAP Requests High
CVE-2020-15244 was published for openmage/magento-lts (Composer) Oct 30, 2020
convenient Credited to convenient
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao Credited to Aquilao
Inline attribute values were not processed. High
CVE-2020-15263 was published for orchid/platform (Composer) Oct 19, 2020
Potential Remote Code Execution vulnerability High
CVE-2020-15227 was published for nette/application (Composer) Oct 2, 2020
Unsafe deserialization in Yii 2 High
CVE-2020-15148 was published for yiisoft/yii2 (Composer) Sep 15, 2020
nt0xa Credited to nt0xa
Potential XSS injection In PrestaShop contactform High
CVE-2020-15178 was published for prestashop/contactform (Composer) Sep 15, 2020
RCE in Symfony High
CVE-2020-15094 was published for symfony/http-kernel (Composer) Sep 2, 2020
mpdude Credited to mpdude and stof stof stof
DataTable Vulnerable to Cross-Site Scripting High
CVE-2015-6584 was published for datatables (Composer) Aug 31, 2020
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks Credited to isometriks and tdunlap607 tdunlap607 tdunlap607
Observable Timing Discrepancy in OpenMage LTS High
CVE-2020-15151 was published for openmage/magento-lts (Composer) Aug 19, 2020
Flyingmana Credited to Flyingmana and theroch theroch theroch
Remote code execution in turn extension for TYPO3 High
CVE-2020-15515 was published for marcwillmann/turn (Composer) Jul 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader Credited to ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader Credited to ohader
Phar unserialization vulnerability in phpMussel High
CVE-2020-4043 was published for Maikuolan/phpMussel (Composer) Jun 10, 2020
Maikuolan Credited to Maikuolan
CSRF issue on preview pages in Bolt CMS High
CVE-2020-4040 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t Credited to staz0t
The filename of uploaded files vulnerable to stored XSS High
CVE-2020-4041 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t Credited to staz0t
Insufficient output escaping of attachment names in PHPMailer High
CVE-2020-13625 was published for phpmailer/phpmailer (Composer) May 27, 2020
Backend Same-Site Request Forgery in TYPO3 CMS High
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
ohader Credited to ohader
Insecure Deserialization in Backend User Settings in TYPO3 CMS High
CVE-2020-11067 was published for typo3/cms (Composer) May 13, 2020
ohader Credited to ohader
Class destructors causing side-effects when being unserialized in TYPO3 CMS High
CVE-2020-11066 was published for typo3/cms (Composer) May 13, 2020
ohader Credited to ohader
Firewall configured with unanimous strategy was not actually unanimous in Symfony High
CVE-2020-5275 was published for symfony/security (Composer) Mar 30, 2020
ajgarlag Credited to ajgarlag and chalasr chalasr chalasr
Remote Code Execution Through Image Uploads in BookStack High
CVE-2020-5256 was published for ssddanbrown/bookstack (Composer) Mar 13, 2020
inc0x0 Credited to inc0x0 and thiagomayllart thiagomayllart thiagomayllart
Phar object injection in PHPMailer High
CVE-2018-19296 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database