GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,238 advisories
Filter by severity
Symfony Service IDs Allow Injection
Critical
CVE-2019-10910
was published
for
symfony/dependency-injection
(Composer)
Nov 18, 2019
SilverStripe Priviledge escalation through cache pollution
Low
CVE-2019-12617
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Lack of access control on upoaded files
Moderate
CVE-2019-12245
was published
for
silverstripe/assets
(Composer)
Nov 12, 2019
Session fixation in change password form
Moderate
CVE-2019-12203
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Missing warning can lead to unauthenticated admin access in SilverStripe
Critical
CVE-2019-12204
was published
for
silverstripe/cms
(Composer)
Nov 12, 2019
SilverStripe Versioned Files module Unpublished files are exposed publicly
Moderate
CVE-2019-16409
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Symfony Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2019-10909
was published
for
drupal/core
(Composer)
Nov 12, 2019
Composer JavaScript injection possible via html comments
Moderate
CVE-2019-8233
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Magento Cross-Site Scripting via Attribute Set Name
Moderate
CVE-2019-8145
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Bypass of sitemp access restrictions
Moderate
CVE-2019-8133
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Remote code execution via vulnerable Symphony dependecy injection
Critical
CVE-2019-8135
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Using JS libraries with known security vulnerabilities
High
CVE-2019-8121
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Information disclosure through processing of external XML entities
Moderate
CVE-2019-8126
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Signature validation bypass in XmlSecLibs
High
CVE-2019-3465
was published
for
robrichards/xmlseclibs
(Composer)
Nov 8, 2019
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate
CVE-2019-16403
was published
for
bagisto/bagisto
(Composer)
Nov 8, 2019
Cross-site Scripting in Grav
Moderate
CVE-2019-16126
was published
for
getgrav/grav
(Composer)
Nov 8, 2019
SQL Injection in SimpleSAMLphp
Critical
CVE-2019-15537
was published
for
cesnet/simplesamlphp-module-proxystatistics
(Composer)
Nov 8, 2019
Cross-site scripting in Dolibarr
Moderate
CVE-2019-16197
was published
for
dolibarr/dolibarr
(Composer)
Nov 8, 2019
Cross-site Scripting in Bolt
Moderate
CVE-2019-15485
was published
for
bolt/bolt
(Composer)
Nov 8, 2019
Incorrect Access Control vulnerability in api-platform/core
Moderate
CVE-2019-1000011
was published
for
api-platform/core
(Composer)
Oct 14, 2019
Cross-site Scripting in YII2-CMS
Moderate
CVE-2019-16130
was published
for
yii2mod/yii2-cms
(Composer)
Oct 14, 2019
SQL Injection in LibreNMS
High
CVE-2019-10671
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
SQL Injection in LibreNMS
High
CVE-2019-12465
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Path Traversal in LibreNMS
High
CVE-2019-12464
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
Moderate
CVE-2019-10667
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
ProTip!
Advisories are also available from the
GraphQL API