GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Symfony vulnerable to command execution hijack on Windows with Process class
High
CVE-2024-51736
was published
for
symfony/process
(Composer)
Nov 6, 2024
RaspAP allows an attacker to escalate privileges
Critical
CVE-2024-41637
was published
for
billz/raspap-webgui
(Composer)
Jul 29, 2024
Composer has a command injection via malicious git branch name
High
CVE-2024-35241
was published
for
composer/composer
(Composer)
Jun 10, 2024
Composer has multiple command injections via malicious git/hg branch names
High
CVE-2024-35242
was published
for
composer/composer
(Composer)
Jun 10, 2024
TYPO3 Install Tool vulnerable to Code Execution
High
CVE-2024-22188
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
RaspAP Command Injection vulnerability
Critical
CVE-2022-39986
was published
for
billz/raspap-webgui
(Composer)
Aug 1, 2023
RaspAP Command Injection vulnerability
High
CVE-2022-39987
was published
for
billz/raspap-webgui
(Composer)
Aug 1, 2023
Concrete CMS Cross-site Scripting vulnerability
Moderate
CVE-2022-43695
was published
for
concrete5/concrete5
(Composer)
Jul 6, 2023
RaspAP raspap-webgui Command Injection vulnerability
High
CVE-2023-30260
was published
for
billz/raspap-webgui
(Composer)
Jun 23, 2023
WWBN AVideo command injection vulnerability
High
CVE-2023-32073
was published
for
wwbn/avideo
(Composer)
May 12, 2023
Microweber vulnerable to command injection
Moderate
CVE-2023-1877
was published
for
microweber/microweber
(Composer)
Apr 5, 2023
Command Injection in thorsten/phpmyfaq
Critical
CVE-2023-0789
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
DataFlow upload remote code execution vulnerability
High
CVE-2021-41231
was published
for
openmage/magento-lts
(Composer)
Jan 27, 2023
Fix for authenticated remote code execution through layout update
High
CVE-2021-41144
was published
for
openmage/magento-lts
(Composer)
Jan 27, 2023
Fix for arbitrary file deletion in customer media allows for remote code execution
High
CVE-2021-41143
was published
for
openmage/magento-lts
(Composer)
Jan 27, 2023
Fix for arbitrary command execution in custom layout update through blocks
High
CVE-2021-39217
was published
for
openmage/magento-lts
(Composer)
Jan 27, 2023
Froxlor vulnerable to Command Injection
High
CVE-2023-0315
was published
for
froxlor/froxlor
(Composer)
Jan 16, 2023
Drupal Core Arbitrary PHP code execution vulnerability
High
CVE-2020-13664
was published
for
drupal/core
(Composer)
May 24, 2022
Dolibarr authenticated Remote Code Execution
High
CVE-2020-35136
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Swift Mailer mail transport Command Injection
Critical
CVE-2016-10074
was published
for
swiftmailer/swiftmailer
(Composer)
May 17, 2022
phpMyAdmin PHP code injection
High
CVE-2016-6609
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
zend-mail remote code execution via Sendmail adapter
Critical
CVE-2016-10034
was published
for
zendframework/zend-mail
(Composer)
May 14, 2022
Centreon Command Injection
High
CVE-2015-1561
was published
for
centreon/centreon
(Composer)
May 14, 2022
Command injection in czproject/git-php
High
CVE-2022-25866
was published
for
czproject/git-php
(Composer)
Apr 26, 2022
Remote Code Execution in Contao Managed Edition
Critical
CVE-2022-26265
was published
for
contao/managed-edition
(Composer)
Mar 20, 2022
ProTip!
Advisories are also available from the
GraphQL API