Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

52 advisories

Loading
NaN/INF in serverbound movement packets can crash clients and servers High
GHSA-fm35-jgg3-3grx was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
Insufficient type validation in pocketmine/pocketmine-mp High
GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) Apr 22, 2022
kurt-r2c
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number High
CVE-2021-4111 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code High
CVE-2010-4335 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
Improper Input Validation in Centreon Web High
CVE-2019-16405 was published for centreon/centreon (Composer) Jul 28, 2021
Data Flow Sanitation Issue Fix High
CVE-2021-32759 was published for openmage/magento-lts (Composer) Aug 30, 2021
Improper input validation in Drupal core High
CVE-2022-25271 was published for drupal/core (Composer) Feb 18, 2022
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
CakePHP allows remote attackers to spoof their IP High
CVE-2016-4793 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84 tdunlap607
Typo3 Vulnerable to Cache Poisoning High
CVE-2014-9509 was published for typo3/cms (Composer) May 17, 2022
Moodle vulnerable to RCE High
CVE-2020-10738 was published for moodle/moodle (Composer) May 24, 2022
phpMyAdmin DoS Vulnerability High
CVE-2017-1000014 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin DoS Vulnerability High
CVE-2017-1000018 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Moodle XSS Vulnerability High
CVE-2018-10891 was published for moodle/moodle (Composer) May 13, 2022
Symfony Host Header Injection High
CVE-2018-14774 was published for symfony/symfony (Composer) May 14, 2022
phpMyAdmin DoS Vulnerability High
CVE-2016-9863 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
HTTP Multiline Header Termination High
CVE-2023-29530 was published for laminas/laminas-diactoros (Composer) Apr 24, 2023
GrahamCampbell TimWolla
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34448 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo
Improper input validation in Drupal core High
CVE-2022-25273 was published for drupal/core (Composer) Apr 26, 2023
Dolibarr Improper Input Validation vulnerability High
CVE-2023-4197 was published for dolibarr/dolibarr (Composer) Nov 1, 2023
OpenCart Path Traversal vulnerability High
CVE-2023-2315 was published for opencart/opencart (Composer) Sep 27, 2023
Froxlor username/surname AND company field Bypass High
CVE-2023-50256 was published for froxlor/froxlor (Composer) Jan 4, 2024
ahmedvienna
PrestaShop some attribute not escaped in Validate::isCleanHTML method High
CVE-2024-21627 was published for prestashop/prestashop (Composer) Jan 3, 2024
Antonio-R1 antoniospataro
matthieu-rolland AureRita boherm matks
Magento arbitrary PHP code execution via the productData parameter High
CVE-2015-6497 was published for magento/core (Composer) May 24, 2022
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection High
CVE-2009-0258 was published for typo3/cms (Composer) May 2, 2022
ProTip! Advisories are also available from the GraphQL API