GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

52 advisories
Snipe-IT API Vulnerable to Cross-Tenant Accessory Injection High
CVE-2026-54329 was published for snipe/snipe-it (Composer) Jun 23, 2026
Credited to tahirsercan
Froxlor: BIND Zone File Injection via TXT Record Content High
CVE-2026-41234 was published for froxlor/froxlor (Composer) Jun 3, 2026
Credited to hett-patell and SKaif009
Froxlor has an incomplete fix for CVE-2026-30932 High
CVE-2026-41237 was published for froxlor/froxlor (Composer) May 29, 2026
Credited to decsecre583
AWS SDK for PHP has CloudFront Policy Document Injection via Special Characters High
GHSA-27qh-8cxx-2cr5 was published for aws/aws-sdk-php (Composer) Mar 27, 2026
Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API High
CVE-2026-30932 was published for froxlor/froxlor (Composer) Mar 24, 2026
Credited to q1uf3ng
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails High
CVE-2024-53860 was published for spencer14420/sp-php-email-handler (Composer) Nov 27, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE) High
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter High
GHSA-cxf7-m5g2-v594 was published for zendframework/zend-mail (Composer) Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc` High
GHSA-jq87-2wxp-8349 was published for zendframework/zendframework (Composer) Jun 7, 2024
silverstripe/framework code execution vulnerability High
GHSA-vgxh-x8jv-hmff was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework CSV Excel Macro Injection High
GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) May 27, 2024
Pimcore Host Header Injection in user invitation link High
CVE-2024-25625 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 20, 2024
Credited to oussama-rahali
MantisBT Host Header Injection vulnerability High
CVE-2024-23830 was published for mantisbt/mantisbt (Composer) Feb 20, 2024
Credited to dregad, Kerkroups, shaozi, plmaltais, and atrol
Craft CMS Feed-Me High
CVE-2023-36260 was published for craftcms/cms (Composer) Jan 30, 2024
Host header injection in the password reset High
CVE-2024-23648 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 24, 2024
Credited to Mathisca
Dolibarr Improper Input Validation vulnerability High
CVE-2023-4197 was published for dolibarr/dolibarr (Composer) Nov 1, 2023
juzawebCMS Injection vulnerability High
CVE-2023-46468 was published for juzaweb/cms (Composer) Oct 28, 2023
Composer Remote Code Execution vulnerability via web-accessible composer.phar High
CVE-2023-43655 was published for composer/composer (Composer) Sep 29, 2023
Credited to thomas-chauchefoin-sonarsource
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
Credited to awakerrday
grav Server-side Template Injection (SSTI) mitigation bypass High
CVE-2023-37897 was published for getgrav/grav (Composer) Jul 19, 2023
Credited to s4ex and Malayke
zenstruck/collection passing callable string to EntityRepository::find() and query() High
CVE-2023-37473 was published for zenstruck/collection (Composer) Jul 14, 2023
Credited to kbond
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension High
CVE-2023-32679 was published for craftcms/cms (Composer) May 22, 2023
Credited to awakerrday
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
Known vulnerable to account takeover via host header injection attack in v1.3.1 High
CVE-2022-33011 was published for idno/known (Composer) Jul 9, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022