Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

481 advisories

Loading
CodeIgniter and Kohana vulnerable to PHP Object Injection Critical
CVE-2014-8684 was published for codeigniter/framework (Composer) May 17, 2022
Swift Mailer mail transport Command Injection Critical
CVE-2016-10074 was published for swiftmailer/swiftmailer (Composer) May 17, 2022
Dolibarr SQL injection vulnerability in comm/multiprix.php Critical
CVE-2017-17897 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in adherents/subscription/info.php Critical
CVE-2017-17899 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in fourn/index.php Critical
CVE-2017-17900 was published for dolibarr/dolibarr (Composer) May 14, 2022
Smarty PHP code injection Critical
CVE-2017-1000480 was published for smarty/smarty (Composer) May 14, 2022
SimpleSAMLphp SAML2 spoof SAML responses Critical
CVE-2016-9814 was published for simplesamlphp/saml2 (Composer) May 14, 2022
yii2-redis Potential Remote code execution Critical
CVE-2018-8073 was published for yiisoft/yii2-redis (Composer) May 14, 2022
thinkphp SQL Injection via the index.php s parameter Critical
CVE-2018-10225 was published for topthink/framework (Composer) May 14, 2022
SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module Critical
CVE-2017-12868 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
Dolibarr SQL injection vulnerability Critical
CVE-2018-10094 was published for dolibarr/dolibarr (Composer) May 14, 2022
Symfony Authentication Bypass Critical
CVE-2018-11407 was published for symfony/security (Composer) May 14, 2022
Symfony Authentication Bypass Critical
CVE-2016-2403 was published for symfony/security (Composer) May 14, 2022
CodeIgniter Session Fixation Vulnerability Critical
CVE-2018-12071 was published for codeigniter/framework (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in product/card.php Critical
CVE-2018-13448 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in product/card.php Critical
CVE-2018-13447 was published for dolibarr/dolibarr (Composer) May 14, 2022
Centreon RCE Vulnerability Critical
CVE-2018-11587 was published for centreon/centreon (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in product/card.php Critical
CVE-2018-13449 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in product/card.php Critical
CVE-2018-13450 was published for dolibarr/dolibarr (Composer) May 14, 2022
PHPOffice Common Improper Restriction of XML External Entity Reference Critical
CVE-2018-14065 was published for phpoffice/common (Composer) May 14, 2022
Drupal PECL YAML parser unsafe object handling Critical
CVE-2017-6920 was published for drupal/core (Composer) May 14, 2022
Bacula-web SQL Injection Vulnerabilities Critical
CVE-2017-15367 was published for bacula-web/bacula-web (Composer) May 14, 2022
Shopware RCE Vulnerability Critical
CVE-2016-3109 was published for shopware/shopware (Composer) May 14, 2022
Elefant CMS Improper Input Validation Critical
CVE-2018-15601 was published for elefant/cms (Composer) May 14, 2022
zend-mail remote code execution via Sendmail adapter Critical
CVE-2016-10034 was published for zendframework/zend-mail (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database