GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
High
CVE-2024-53860
was published
for
spencer14420/sp-php-email-handler
(Composer)
Nov 27, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
High
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter
High
GHSA-cxf7-m5g2-v594
was published
for
zendframework/zend-mail
(Composer)
Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
High
GHSA-jq87-2wxp-8349
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Twig remote code execution in templates
High
CVE-2015-7809
was published
for
twig/twig
(Composer)
May 14, 2022
silverstripe/framework code execution vulnerability
High
GHSA-vgxh-x8jv-hmff
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework CSV Excel Macro Injection
High
GHSA-mqjc-x563-c9q8
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Joomla! Framework Remote Code Injection Vulnerability
High
CVE-2015-8566
was published
for
joomla/session
(Composer)
May 17, 2022
SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
High
CVE-2018-6519
was published
for
simplesamlphp/saml2
(Composer)
May 14, 2022
Composer Remote Code Execution vulnerability via web-accessible composer.phar
High
CVE-2023-43655
was published
for
composer/composer
(Composer)
Sep 29, 2023
MantisBT Host Header Injection vulnerability
High
CVE-2024-23830
was published
for
mantisbt/mantisbt
(Composer)
Feb 20, 2024
Pimcore Host Header Injection in user invitation link
High
CVE-2024-25625
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 20, 2024
Query Binding Exploitation
High
CVE-2021-21263
was published
for
illuminate/database
(Composer)
Jan 19, 2021
Sandbox Escape by math function in smarty
High
CVE-2021-29454
was published
for
smarty/smarty
(Composer)
Jan 12, 2022
PHPMailer untrusted code may be run from an overridden address validator
High
CVE-2021-3603
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Potential Remote Code Execution vulnerability
High
CVE-2020-15227
was published
for
nette/application
(Composer)
Oct 2, 2020
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Host header injection in the password reset
High
CVE-2024-23648
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
juzawebCMS Injection vulnerability
High
CVE-2023-46468
was published
for
juzaweb/cms
(Composer)
Oct 28, 2023
grav Server-side Template Injection (SSTI) mitigation bypass
High
CVE-2023-37897
was published
for
getgrav/grav
(Composer)
Jul 19, 2023
zenstruck/collection passing callable string to EntityRepository::find() and query()
High
CVE-2023-37473
was published
for
zenstruck/collection
(Composer)
Jul 14, 2023
Dolibarr Improper Input Validation vulnerability
High
CVE-2023-4197
was published
for
dolibarr/dolibarr
(Composer)
Nov 1, 2023
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
High
CVE-2023-40035
was published
for
craftcms/cms
(Composer)
Aug 21, 2023
ProTip!
Advisories are also available from the
GraphQL API