Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,746
Erlang
35
GitHub Actions
29
Go
2,319
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
920
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,264 advisories

Loading
mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack High
GHSA-c8rp-cgf4-937w was published for mezzio/mezzio-swoole (Composer) Jul 29, 2022
Potential XSS injection In PrestaShop contactform High
CVE-2020-15178 was published for prestashop/contactform (Composer) Sep 15, 2020
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP High
GHSA-fqx3-r75h-vc89 was published for pocketmine/pocketmine-mp (Composer) Jun 7, 2022
Insufficient type validation in pocketmine/pocketmine-mp High
GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) Apr 22, 2022
kurt-r2c
Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown High
GHSA-5jfw-35xp-5m42 was published for pocketmine/bedrock-protocol (Composer) Apr 5, 2022
Automatic named constructor discovery in Valinor High
GHSA-xhr8-mpwq-2rr2 was published for cuyz/valinor (Composer) Apr 1, 2022
Ocramius
Arbitrary shell execution High
GHSA-mhfv-8rc9-w38c was published for squizlabs/php_codesniffer (Composer) Mar 26, 2022
Arbitrary shell execution High
GHSA-3988-h75v-hwf6 was published for squizlabs/php_codesniffer (Composer) Mar 26, 2022
Improperly checked metadata on tools/armour itemstacks received from the client High
GHSA-46c5-pfj8-fv65 was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
JavierLeon9966
Possible SQL injection in tablelookupwizard Contao Extension High
GHSA-v3mr-gp7j-pw5w was published for terminal42/contao-tablelookupwizard (Composer) Feb 10, 2022
Unhandled exception when decoding form response JSON High
GHSA-wjfq-88q2-r34j was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
IBX-1392: Image filenames sanitization High
GHSA-44m4-9cjp-j587 was published for ezsystems/ezpublish-kernel (Composer) Jan 21, 2022
Unchecked validity of Facing values in PlayerActionPacket High
GHSA-xh99-hw7h-wf63 was published for pocketmine/pocketmine-mp (Composer) Jan 13, 2022
Uncapped length of skin data fields submitted by players High
GHSA-c6fg-99pr-25m9 was published for pocketmine/pocketmine-mp (Composer) Jan 6, 2022
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash High
GHSA-wqqv-jcfr-9f5g was published for pocketmine/pocketmine-mp (Composer) Jan 9, 2023
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
Content object state fetch functions open to SQL injection High
GHSA-jpwx-ffjq-wr4w was published for ezsystems/ezpublish-legacy (Composer) Sep 7, 2021
User can obtain JWT token even if account is disabled High
GHSA-36mj-6r7r-mqhf was published for ezsystems/ezplatform-rest (Composer) Sep 29, 2021
/user/sessions endpoint allows detecting valid accounts High
GHSA-gmrf-99gw-vvwj was published for ezsystems/ezpublish-kernel (Composer) Mar 11, 2021
NaN/INF in serverbound movement packets can crash clients and servers High
GHSA-fm35-jgg3-3grx was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database High
GHSA-4mg9-vhxq-vm7j was published for illuminate/database (Composer) Apr 29, 2021
Inline attribute values were not processed. High
CVE-2020-15263 was published for orchid/platform (Composer) Oct 19, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database