Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Loading
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI High
CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024
nullchilly
Craft CMS Arbitrary System File Read High
CVE-2024-52292 was published for craftcms/cms (Composer) Nov 13, 2024
pk2codes
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution High
CVE-2024-52291 was published for craftcms/cms (Composer) Nov 13, 2024
senzee1984
Moodle has CSRF risk in Feedback non-respondents report High
CVE-2024-43434 was published for moodle/moodle (Composer) Nov 7, 2024
SQL injection in funadmin High
CVE-2024-48224 was published for funadmin/funadmin (Composer) Oct 25, 2024
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint High
CVE-2024-42485 was published for pxlrbt/filament-excel (Composer) Aug 12, 2024
RChutchev
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()` High
GHSA-hx3m-959f-v849 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API High
GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) May 30, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover High
CVE-2024-34082 was published for getgrav/grav (Composer) May 15, 2024
richighimi
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
Grav File Upload Path Traversal High
CVE-2024-27921 was published for getgrav/grav (Composer) Mar 22, 2024
richighimi
Appwrite Directory Traversal vulnerability High
CVE-2022-25377 was published for appwrite/server-ce (Composer) Feb 23, 2024
OroPlatform vulnerable to path traversal during temporary file manipulations High
CVE-2022-41951 was published for oro/platform (Composer) Nov 27, 2023
OpenCart Path Traversal vulnerability High
CVE-2023-2315 was published for opencart/opencart (Composer) Sep 27, 2023
Cecil Path Traversal vulnerability High
CVE-2023-4914 was published for cecil/cecil (Composer) Sep 12, 2023
elFinder vulnerable to path traversal in LocalVolumeDriver connector High
CVE-2023-35840 was published for studio-42/elfinder (Composer) Jun 14, 2023
sectroyer
Froxlor vulnerable to Path Traversal High
CVE-2023-3172 was published for froxlor/froxlor (Composer) Jun 9, 2023
Path traversal vulnerability in the file manager High
CVE-2023-29200 was published for contao/contao (Composer) Apr 26, 2023
Fix for arbitrary file deletion in customer media allows for remote code execution High
CVE-2021-41143 was published for openmage/magento-lts (Composer) Jan 27, 2023
Lavalite vulnerable to Arbitrary File Read via Directory Traversal High
CVE-2022-42188 was published for lavalite/cms (Composer) Oct 19, 2022
melisplatform/melis-asset-manager vulnerable to Path Traversal High
CVE-2022-39296 was published for melisplatform/melis-asset-manager (Composer) Oct 11, 2022
Twig may load a template outside a configured directory when using the filesystem loader High
CVE-2022-39261 was published for twig/twig (Composer) Sep 30, 2022
ICEcoder vulnerable to Path Traversal High
CVE-2022-34026 was published for icecoder/icecoder (Composer) Sep 23, 2022
Magento Path Traversal vulnerability High
CVE-2022-34254 was published for magento/community-edition (Composer) Aug 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database