GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,955
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,264 advisories
Filter by severity
ImpressPages CMS eval injection vulnerability
High
CVE-2011-4932
was published
for
impresspages/impresspages
(Composer)
May 17, 2022
Multishop extension for TYPO3 has SQL Injection vulnerability
High
CVE-2013-4682
was published
for
bvbmedia/multishop
(Composer)
May 17, 2022
News system (news) extension for TYPO3 vulnerable to SQL Injection
High
CVE-2013-4748
was published
for
georgringer/news
(Composer)
May 17, 2022
CoolURI extension for TYPO3 vulnerable to SQL Injection
High
CVE-2013-5322
was published
for
bednee/cooluri
(Composer)
May 17, 2022
Pimcore Vulnerable to PHP Object Injection Attacks
High
CVE-2014-2921
was published
for
pimcore/pimcore
(Composer)
May 17, 2022
TYPO3 doesn't properly check file extensions
High
CVE-2013-4250
was published
for
typo3/cms
(Composer)
May 17, 2022
TYPO3 vulnerable to remote authenticated arbitrary code execution
High
CVE-2013-4321
was published
for
typo3/cms
(Composer)
May 17, 2022
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
High
CVE-2014-3942
was published
for
typo3/cms
(Composer)
May 14, 2022
GeSHi vulnerable to Directory Traversal
High
CVE-2012-3521
was published
for
geshi/geshi
(Composer)
May 17, 2022
TYPO3 powermail extension has unrestricted file upload vulnerability
High
CVE-2014-3947
was published
for
in2code/powermail
(Composer)
May 17, 2022
WEC Map (wec_map) extension for TYPO3 allows SQL Injection
High
CVE-2014-6295
was published
for
jbartels/wec-map
(Composer)
May 17, 2022
yag and pt_extbase extensions for TYPO3 allow remote attackers to bypass access restrictions
High
CVE-2014-6289
was published
for
dl/yag
(Composer)
May 17, 2022
phpMyAdmin allows remote attackers to spoof content via the url parameter
High
CVE-2015-7873
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
phpMyAdmin vulnerable to Cross-Site Request Forgery
High
CVE-2016-5739
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
phpMyAdmin SQL injection in user accounts page
High
CVE-2020-5504
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
The Direct Mail (direct_mail) TYPO3 extension improperly discloses sensitive information
High
CVE-2013-7400
was published
for
directmailteam/direct-mail
(Composer)
May 13, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
High
CVE-2022-47411
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
High
CVE-2022-47410
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
phpMyAdmin server-side request forgery (SSRF)
High
CVE-2016-6621
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
MantisBT allows arbitrary password reset
High
CVE-2017-7615
was published
for
mantisbt/mantisbt
(Composer)
May 13, 2022
MODX Revolution Directory Traversal Vulnerability
High
CVE-2017-9067
was published
for
modx/revolution
(Composer)
May 17, 2022
MODX Revolution allows overwriting .htaccess
High
CVE-2017-9069
was published
for
modx/revolution
(Composer)
May 17, 2022
Luracast Restler directory traversal vulnerability
High
CVE-2017-15363
was published
for
aoe/restler
(Composer)
May 13, 2022
Composer has a command injection via malicious git branch name
High
CVE-2024-35241
was published
for
composer/composer
(Composer)
Jun 10, 2024
Moodle allows unauthenticated REST API user data exposure
High
CVE-2025-32044
was published
for
moodle/moodle
(Composer)
Apr 25, 2025
ProTip!
Advisories are also available from the
GraphQL API