GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Cachet configuration leak
High
CVE-2021-39174
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
Cachet vulnerable to forced reinstall
High
CVE-2021-39173
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical
CVE-2021-32682
was published
for
studio-42/elfinder
(Composer)
Jun 16, 2021
Grav's Twig processing allowing dangerous PHP functions by default
High
CVE-2021-29440
was published
for
getgrav/grav
(Composer)
Apr 16, 2021
elFinder unsafe upload filtering leading to remote code execution
High
CVE-2021-23394
was published
for
studio-42/elfinder
(Composer)
Jun 15, 2021
Cachet vulnerable to new line injection during configuration edition
High
CVE-2021-39172
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
dio vulnerable to CRLF injection with HTTP method string
High
CVE-2021-31402
was published
for
dio
(Pub)
Mar 21, 2023
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
CasaOS Gateway vulnerable to incorrect identification of source IP addresses
Critical
CVE-2023-37265
was published
for
github.com/IceWhaleTech/CasaOS-Gateway
(Go)
Jul 17, 2023
Missing input validation can lead to command execution in composer
High
CVE-2022-24828
was published
for
composer/composer
(Composer)
Apr 22, 2022
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High
CVE-2021-29472
was published
for
composer/composer
(Composer)
Apr 29, 2021
Composer Remote Code Execution vulnerability via web-accessible composer.phar
High
CVE-2023-43655
was published
for
composer/composer
(Composer)
Sep 29, 2023
ProTip!
Advisories are also available from the
GraphQL API