Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters High
GHSA-27qh-8cxx-2cr5 was published for aws/aws-sdk-php (Composer) Mar 27, 2026
Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint High
CVE-2026-25892 was published for vrana/adminer (Composer) Feb 10, 2026
JoyGhoshs Credited to JoyGhoshs
FacturaScripts has SQL Injection in Autocomplete Actions High
CVE-2026-25514 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
lukasz-rybak Credited to lukasz-rybak
FacturaScripts has SQL Injection in API ORDER BY Clause High
CVE-2026-25513 was published for facturascripts/facturascripts (Composer) Feb 3, 2026
lukasz-rybak Credited to lukasz-rybak
Magento vulnerable to denial of service High
CVE-2025-49554 was published for magento/community-edition (Composer) Aug 12, 2025
Shopware allows Denial Of Service via password length High
CVE-2025-30151 was published for shopware/core (Composer) Apr 8, 2025
bsmietana Credited to bsmietana
Browsershot Path Traversal High
CVE-2025-1022 was published for spatie/browsershot (Composer) Feb 5, 2025
Livewire Remote Code Execution on File Uploads High
CVE-2024-47823 was published for livewire/livewire (Composer) Oct 8, 2024
angelej Credited to angelej and RChutchev RChutchev RChutchev
Arbitrary File Creation in opencart High
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Moodle ReCAPTCHA can be bypassed on the login page High
CVE-2024-34009 was published for moodle/moodle (Composer) May 31, 2024
Moodle Improper Input Validation High
CVE-2024-33999 was published for moodle/moodle (Composer) May 31, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library High
GHSA-45xg-4w5x-j429 was published for typo3/cms (Composer) May 30, 2024
silverstripe/framework has possible denial of service attack vector when flushing High
GHSA-cwgq-83w5-8jfq was published for silverstripe/framework (Composer) May 28, 2024
Magento Open Source allows Improper Input Validation High
CVE-2024-20758 was published for magento/community-edition (Composer) Apr 10, 2024
Froxlor username/surname AND company field Bypass High
CVE-2023-50256 was published for froxlor/froxlor (Composer) Jan 4, 2024
ahmedvienna Credited to ahmedvienna
PrestaShop some attribute not escaped in Validate::isCleanHTML method High
CVE-2024-21627 was published for prestashop/prestashop (Composer) Jan 3, 2024
Antonio-R1 Credited to Antonio-R1, antoniospataro, matthieu-rolland, AureRita, boherm, and matks antoniospataro antoniospataro
matthieu-rolland matthieu-rolland AureRita AureRita boherm boherm matks matks
Dolibarr Improper Input Validation vulnerability High
CVE-2023-4197 was published for dolibarr/dolibarr (Composer) Nov 1, 2023
OpenCart Path Traversal vulnerability High
CVE-2023-2315 was published for opencart/opencart (Composer) Sep 27, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34448 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo Credited to jacobsoo
Improper input validation in Drupal core High
CVE-2022-25273 was published for drupal/core (Composer) Apr 26, 2023
HTTP Multiline Header Termination High
CVE-2023-29530 was published for laminas/laminas-diactoros (Composer) Apr 24, 2023
GrahamCampbell Credited to GrahamCampbell and TimWolla TimWolla TimWolla
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607 Credited to tdunlap607
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Moodle Arbitrary file read when importing lesson questions High
CVE-2022-35650 was published for moodle/moodle (Composer) Jul 26, 2022
TYPO3 Image Processing susceptible to Code Execution High
CVE-2019-11832 was published for typo3/cms (Composer) May 24, 2022
ohader Credited to ohader
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database