Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

101 advisories

Loading
Static Code Injection in Microweber High
CVE-2022-0895 was published for microweber/microweber (Composer) Mar 11, 2022
Server-side Template Injection in nystudio107/craft-seomatic High
CVE-2021-44618 was published for nystudio107/craft-seomatic (Composer) Mar 12, 2022
Code Injection in Bolt CMS High
CVE-2021-40219 was published for bolt/core (Composer) Apr 12, 2022
PHPMailer susceptible to arbitrary code execution High
CVE-2008-5619 was published for phpmailer/phpmailer (Composer) May 14, 2022
jhutchings1
PHP Code Injection by malicious block or filename in Smarty High
CVE-2022-29221 was published for smarty/smarty (Composer) May 25, 2022
altm4n
Code injection in Elefant CMS High
CVE-2017-20064 was published for elefant/cms (Composer) Jun 21, 2022
Code injection in grav High
CVE-2022-2073 was published for getgrav/grav (Composer) Jun 30, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave daftspunk
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework High
CVE-2022-23503 was published for typo3/cms (Composer) Dec 13, 2022
Command injection in yiisoft/yii2-gii High
CVE-2020-36655 was published for yiisoft/yii2-gii (Composer) Jan 21, 2023
Improper Neutralization of Special Elements Used in a Template Engine in microweber High
CVE-2022-0896 was published for microweber/microweber (Composer) Mar 10, 2022
Code injection in dolibarr/dolibarr High
CVE-2022-0819 was published for dolibarr/dolibarr (Composer) Mar 3, 2022
froxlor is vulnerable to privilege escalation from customer to root via directory-options High
CVE-2023-0671 was published for froxlor/froxlor (Composer) Feb 4, 2023
Code Injection in froxlor/froxlor High
CVE-2023-0877 was published for froxlor/froxlor (Composer) Feb 17, 2023
Code Injection in alextselegidis/easyappointments High
CVE-2023-1367 was published for alextselegidis/easyappointments (Composer) Mar 13, 2023
Improper Control of Generation of Code in Twig rendered views High
CVE-2023-2017 was published for shopware/core (Composer) Apr 18, 2023
Creastery
Code Injection in baserCMS High
CVE-2017-10844 was published for baserproject/basercms (Composer) May 14, 2022
Authenticated RCE in Zen Cart 1.5.5e High
CVE-2017-11675 was published for zencart/zencart (Composer) May 17, 2022
Code Injection in microweber High
CVE-2022-0282 was published for microweber/microweber (Composer) Jan 21, 2022
MAGMI plugin for Magento Unsafe File Upload High
CVE-2014-8770 was published for dweeves/magmi (Composer) May 14, 2022
Pimcore Vulnerable to PHP Object Injection Attacks High
CVE-2014-2921 was published for pimcore/pimcore (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API