Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
RaspAP allows an attacker to escalate privileges Critical
CVE-2024-41637 was published for billz/raspap-webgui (Composer) Jul 29, 2024
Swift Mailer mail transport Command Injection Critical
CVE-2016-10074 was published for swiftmailer/swiftmailer (Composer) May 17, 2022
Dolibarr authenticated Remote Code Execution High
CVE-2020-35136 was published for dolibarr/dolibarr (Composer) May 24, 2022
phpMyAdmin PHP code injection High
CVE-2016-6609 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
zend-mail remote code execution via Sendmail adapter Critical
CVE-2016-10034 was published for zendframework/zend-mail (Composer) May 14, 2022
Drupal Core Arbitrary PHP code execution vulnerability High
CVE-2020-13664 was published for drupal/core (Composer) May 24, 2022
Improper escaping of command arguments on Windows leading to command injection High
CVE-2021-41116 was published for composer/composer (Composer) Oct 5, 2021
paul-gerste-sonarsource
RaspAP Command Injection vulnerability High
CVE-2022-39987 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
RaspAP Command Injection vulnerability Critical
CVE-2022-39986 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
WWBN AVideo command injection vulnerability High
CVE-2023-32073 was published for wwbn/avideo (Composer) May 12, 2023
jmrcsnchz
RaspAP raspap-webgui Command Injection vulnerability High
CVE-2023-30260 was published for billz/raspap-webgui (Composer) Jun 23, 2023
Remote code execution in PHPMailer Critical
CVE-2016-10033 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Remote code execution in PHPMailer Critical
CVE-2016-10045 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Concrete CMS Cross-site Scripting vulnerability Moderate
CVE-2022-43695 was published for concrete5/concrete5 (Composer) Jul 6, 2023
Centreon Command Injection High
CVE-2015-1561 was published for centreon/centreon (Composer) May 14, 2022
Fix for arbitrary file deletion in customer media allows for remote code execution High
CVE-2021-41143 was published for openmage/magento-lts (Composer) Jan 27, 2023
Froxlor vulnerable to Command Injection High
CVE-2023-0315 was published for froxlor/froxlor (Composer) Jan 16, 2023
Microweber vulnerable to command injection Moderate
CVE-2023-1877 was published for microweber/microweber (Composer) Apr 5, 2023
Command Injection in thorsten/phpmyfaq Critical
CVE-2023-0789 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Fix for authenticated remote code execution through layout update High
CVE-2021-41144 was published for openmage/magento-lts (Composer) Jan 27, 2023
DataFlow upload remote code execution vulnerability High
CVE-2021-41231 was published for openmage/magento-lts (Composer) Jan 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database