Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,652 advisories

Loading
Moodle reflected XSS via H5P error message Moderate
CVE-2024-43439 was published for moodle/moodle (Composer) Nov 11, 2024
Yii2 Gii Cross-site Scripting vulnerability Moderate
CVE-2022-34297 was published for yiisoft/yii2-gii (Composer) Dec 10, 2022
croogo Host header injection Moderate
CVE-2024-29643 was published for croogo/croogo (Composer) Apr 21, 2025
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz) Moderate
CVE-2022-47407 was published for fixpunkt/fp-masterquiz (Composer) Dec 14, 2022
MarkLee131
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical
CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
ohader tdunlap607
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
Drupal Full Path Disclosure Moderate
CVE-2024-45440 was published for drupal/core (Composer) Aug 29, 2024
cmlara longwave
MetalGenix GeniXCMS vulnerable to SQL Injection Critical
CVE-2015-3933 was published for genix/cms (Composer) May 17, 2022
Luracast Restler directory traversal vulnerability High
CVE-2017-15363 was published for aoe/restler (Composer) May 13, 2022
OctoberCMS Cross-Site Scripting Moderate
CVE-2017-15284 was published for october/rain (Composer) May 13, 2022
Laravel Starter Cross Site Scripting (XSS) Moderate
CVE-2025-26159 was published for nasirkhan/laravel-starter (Composer) Apr 22, 2025
MantisBT vulnerable to CSRF and Open Redirect attacks Moderate
CVE-2017-7620 was published for mantisbt/mantisbt (Composer) May 17, 2022
MODX Revolution XSS via HTTP Host header Moderate
CVE-2017-9071 was published for modx/revolution (Composer) May 17, 2022
MODX Revolution cross-site scripting vulnerability Moderate
CVE-2017-9070 was published for modx/revolution (Composer) May 17, 2022
MODX Revolution allows overwriting .htaccess High
CVE-2017-9069 was published for modx/revolution (Composer) May 17, 2022
MODX Revolution Reflected XSS Moderate
CVE-2017-9068 was published for modx/revolution (Composer) May 17, 2022
MODX Revolution Directory Traversal Vulnerability High
CVE-2017-9067 was published for modx/revolution (Composer) May 17, 2022
MantisBT allows arbitrary password reset High
CVE-2017-7615 was published for mantisbt/mantisbt (Composer) May 13, 2022
TeamPass vulnerable to SQL Injection Critical
CVE-2015-7564 was published for nilsteampassnet/teampass (Composer) May 17, 2022
TeamPass vulnerable to Cross-site Scripting Moderate
CVE-2015-7562 was published for nilsteampassnet/teampass (Composer) May 17, 2022
Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024 withdrawn
zoglo
phpMyAdmin server-side request forgery (SSRF) High
CVE-2016-6621 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47410 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47411 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
The Direct Mail (direct_mail) TYPO3 extension improperly discloses sensitive information High
CVE-2013-7400 was published for directmailteam/direct-mail (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database