GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,669
Erlang: 34
GitHub Actions: 26
Go: 2,262
Maven: 5,000+
npm: 3,912
NuGet: 705
pip: 3,681
Pub: 12
RubyGems: 916
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
4,670 advisories
Composer has a command injection via malicious git branch name
Severity: High. CVE-2024-35241 was published for composer/composer (Composer), Jun 10, 2024
Drupal Full Path Disclosure
Severity: Moderate. CVE-2024-45440 was published for drupal/core (Composer), Aug 29, 2024
MetalGenix GeniXCMS vulnerable to SQL Injection
Severity: Critical. CVE-2015-3933 was published for genix/cms (Composer), May 17, 2022
Luracast Restler directory traversal vulnerability
Severity: High. CVE-2017-15363 was published for aoe/restler (Composer), May 13, 2022
OctoberCMS Cross-Site Scripting
Severity: Moderate. CVE-2017-15284 was published for october/rain (Composer), May 13, 2022
Laravel Starter Cross Site Scripting (XSS)
Severity: Moderate. CVE-2025-26159 was published for nasirkhan/laravel-starter (Composer), Apr 22, 2025
MantisBT vulnerable to CSRF and Open Redirect attacks
Severity: Moderate. CVE-2017-7620 was published for mantisbt/mantisbt (Composer), May 17, 2022
MODX Revolution XSS via HTTP Host header
Severity: Moderate. CVE-2017-9071 was published for modx/revolution (Composer), May 17, 2022
MODX Revolution cross-site scripting vulnerability
Severity: Moderate. CVE-2017-9070 was published for modx/revolution (Composer), May 17, 2022
MODX Revolution allows overwriting .htaccess
Severity: High. CVE-2017-9069 was published for modx/revolution (Composer), May 17, 2022
MODX Revolution Reflected XSS
Severity: Moderate. CVE-2017-9068 was published for modx/revolution (Composer), May 17, 2022
MODX Revolution Directory Traversal Vulnerability
Severity: High. CVE-2017-9067 was published for modx/revolution (Composer), May 17, 2022
MantisBT allows arbitrary password reset
Severity: High. CVE-2017-7615 was published for mantisbt/mantisbt (Composer), May 13, 2022
TeamPass vulnerable to SQL Injection
Severity: Critical. CVE-2015-7564 was published for nilsteampassnet/teampass (Composer), May 17, 2022
TeamPass vulnerable to Cross-site Scripting
Severity: Moderate. CVE-2015-7562 was published for nilsteampassnet/teampass (Composer), May 17, 2022
Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript
Severity: Low. CVE-2024-45965 was published for contao/contao (Composer), Oct 2, 2024 (withdrawn)
phpMyAdmin server-side request forgery (SSRF)
Severity: High. CVE-2016-6621 was published for phpmyadmin/phpmyadmin (Composer), May 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
Severity: High. CVE-2022-47410 was published for fixpunkt/fp-newsletter (Composer), Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data
Severity: High. CVE-2022-47411 was published for fixpunkt/fp-newsletter (Composer), Dec 14, 2022
The Direct Mail (direct_mail) TYPO3 extension improperly discloses sensitive information
Severity: High. CVE-2013-7400 was published for directmailteam/direct-mail (Composer), May 13, 2022
juzawebCMS Incorrect Access Control vulnerability
Severity: Moderate. CVE-2023-46906 was published for juzaweb/cms (Composer), Jan 9, 2024
SilverStripe Subsite weakens file permissions
Severity: Moderate. CVE-2022-42949 was published for silverstripe/subsites (Composer), Dec 19, 2022
PEAR HTTP_Request2 vulnerable to Cross-site Scripting
Severity: Moderate. CVE-2025-43717 was published for pear/http_request2 (Composer), Apr 17, 2025
Cross site scripting in the system log
Severity: Moderate. CVE-2021-35210 was published for contao/contao (Composer), Jul 1, 2021
Cross site scripting via input unit widget
Severity: Moderate. CVE-2023-36806 was published for contao/core-bundle (Composer), Jul 25, 2023
ProTip! Advisories are also available from the GraphQL API