GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

98 advisories

Code Injection in thorsten/phpmyfaq Moderate
CVE-2023-0792 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument Moderate
GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
Credited to TGADMIN00
Froxlor vulnerable to code injection Moderate
CVE-2022-3869 was published for froxlor/froxlor (Composer) Nov 5, 2022
Froxlor vulnerable to Code Injection Moderate
CVE-2022-3721 was published for froxlor/froxlor (Composer) Nov 4, 2022
Microweber vulnerable to HTML Injection in create tag functionality Moderate
CVE-2022-3245 was published for microweber/microweber (Composer) Sep 21, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection Moderate
CVE-2022-2099 was published for woocommerce/woocommerce (Composer) Jul 18, 2022
fabric8 kubernetes-client vulnerable Moderate
CVE-2021-4178 was published for io.fabric8:kubernetes-client (Maven) Jul 15, 2022
Credited to sbenhai and tdunlap607
qlib Deserialization of Untrusted Data vulnerability Moderate
CVE-2021-23338 was published for pyqlib (pip) May 24, 2022
Improper Control of Generation of Code in Spring Security Moderate
CVE-2011-2732 was published for org.springframework.security:spring-security-core (Maven) May 17, 2022
Sup Code Injection vulnerability Moderate
CVE-2013-4478 was published for sup (RubyGems) May 17, 2022
Plone Sandbox Bypass Moderate
CVE-2012-5493 was published for Plone (pip) May 17, 2022
Cobbler vulnerable to code injection via unsafe YAML loading Moderate
CVE-2011-4953 was published for cobbler (pip) May 17, 2022
Improper Control of Generation of Code in HawtJNI Moderate
CVE-2013-2035 was published for org.fusesource.hawtjni:hawtjni-runtime (Maven) May 17, 2022
Jenkins allows for Code Execution via Crafted Packet to the CLI Moderate
CVE-2014-3666 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Symfony Vulnerable to PHP Eval Injection Moderate
CVE-2015-2308 was published for symfony/http-kernel (Composer) May 17, 2022
Improper Control of Generation of Code ('Code Injection') in Spring Framework Moderate
CVE-2010-1622 was published for org.springframework:spring (Maven) May 17, 2022
Credited to sunSUNQ
Sup Code Injection vulnerability Moderate
CVE-2013-4479 was published for sup (RubyGems) May 17, 2022
Publify vulnerable to code injection Moderate
CVE-2022-0578 was published for publify_core (RubyGems) May 17, 2022
Jenkins allows Remote Users to Inject Build Parameters Moderate
CVE-2016-3721 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
phpMyAdmin remote variable manipulation Moderate
CVE-2011-2505 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Apache Syncope JEXL Code Injection Moderate
CVE-2014-0111 was published for org.apache.syncope:syncope (Maven) May 14, 2022
Improper Control of Generation of Code in Apache Camel Moderate
CVE-2013-4330 was published for org.apache.camel:camel-core (Maven) May 13, 2022
Credited to sunSUNQ
Moodle remote code execution via quiz questions Moderate
CVE-2014-3545 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Apache Tomcat Unrestricted file upload vulnerability Moderate
CVE-2013-4444 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
Securimage HTML Injection Moderate
CVE-2017-14077 was published for dapphp/securimage (Composer) May 13, 2022