GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,040
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
Arbitrary Code Injection in mobile-icon-resizer
Moderate
GHSA-mxjr-xmcg-fg7w
was published
for
mobile-icon-resizer
(npm)
Jun 27, 2019
Object injection in cookie driver in phpfastcache
Moderate
CVE-2019-16774
was published
for
phpfastcache/phpfastcache
(Composer)
Dec 12, 2019
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Moderate
GHSA-7vcx-v65q-9wpg
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Jan 11, 2023
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate
CVE-2021-32822
was published
for
hbs
(npm)
Sep 2, 2021
Improper Control of Generation of Code in Spring Security
Moderate
CVE-2011-2732
was published
for
org.springframework.security:spring-security-core
(Maven)
May 17, 2022
Improper Control of Generation of Code in Apache Kafka
Moderate
CVE-2018-1288
was published
for
org.apache.kafka:kafka
(Maven)
May 13, 2022
Improper Control of Generation of Code in HawtJNI
Moderate
CVE-2013-2035
was published
for
org.fusesource.hawtjni:hawtjni-runtime
(Maven)
May 17, 2022
XStream is vulnerable to a Remote Command Execution attack
Moderate
CVE-2021-21345
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Froxlor vulnerable to code injection
Moderate
CVE-2022-3869
was published
for
froxlor/froxlor
(Composer)
Nov 5, 2022
Microweber vulnerable to HTML Injection in create tag functionality
Moderate
CVE-2022-3245
was published
for
microweber/microweber
(Composer)
Sep 21, 2022
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Moderate
CVE-2021-32809
was published
for
ckeditor4
(npm)
Aug 23, 2021
Froxlor vulnerable to Code Injection
Moderate
CVE-2022-3721
was published
for
froxlor/froxlor
(Composer)
Nov 4, 2022
Code Injection in thorsten/phpmyfaq
Moderate
CVE-2023-0792
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
Insecure template handling in express-hbs
Moderate
CVE-2021-32817
was published
for
express-hbs
(npm)
May 17, 2021
phpMyFAQ Code Injection vulnerability
Moderate
CVE-2023-1761
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
fabric8 kubernetes-client vulnerable
Moderate
CVE-2021-4178
was published
for
io.fabric8:kubernetes-client
(Maven)
Jul 15, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Moderate
CVE-2022-2099
was published
for
woocommerce/woocommerce
(Composer)
Jul 18, 2022
Sup Code Injection vulnerability
Moderate
CVE-2013-4479
was published
for
sup
(RubyGems)
May 17, 2022
Apache Syncope JEXL Code Injection
Moderate
CVE-2014-0111
was published
for
org.apache.syncope:syncope
(Maven)
May 14, 2022
Apache Tomcat Unrestricted file upload vulnerability
Moderate
CVE-2013-4444
was published
for
org.apache.tomcat:tomcat
(Maven)
May 13, 2022
Moodle Authenticated Spelling Binary Remote Code Execution
Moderate
CVE-2013-3630
was published
for
moodle/moodle
(Composer)
May 13, 2022
Publify vulnerable to code injection
Moderate
CVE-2022-0578
was published
for
publify_core
(RubyGems)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API