Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,119 advisories

Loading
FileManager Deserialization of Untrusted Data vulnerability High
CVE-2024-52306 was published for backpack/filemanager (Composer) Nov 13, 2024
Symfony has an Authentication Bypass via RememberMe High
CVE-2024-51996 was published for symfony/security-http (Composer) Nov 13, 2024
jderusse m0xr4
stof
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI High
CVE-2024-52293 was published for craftcms/cms (Composer) Nov 13, 2024
nullchilly
Craft CMS Arbitrary System File Read High
CVE-2024-52292 was published for craftcms/cms (Composer) Nov 13, 2024
pk2codes
Laravel environment manipulation via query string High
CVE-2024-52301 was published for laravel/framework (Composer) Nov 12, 2024
PHPExcel XXE Vulnerability High
CVE-2015-3542 was published for phpoffice/phpexcel (Composer) Nov 7, 2024
Moodle has CSRF risk in Feedback non-respondents report High
CVE-2024-43434 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle Remote Code Execution vulnerability High
CVE-2024-43425 was published for moodle/moodle (Composer) Nov 7, 2024
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
YesWiki Uses a Broken or Risky Cryptographic Algorithm High
CVE-2024-51478 was published for yeswiki/yeswiki (Composer) Oct 31, 2024
Nishacid
ThinkPHP deserialization vulnerability High
CVE-2024-48112 was published for topthink/thinkphp (Composer) Oct 30, 2024
SQL injection in funadmin High
CVE-2024-48229 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48230 was published for funadmin/funadmin (Composer) Oct 25, 2024
Logic flaw in Funadmin High
CVE-2024-48227 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48224 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48225 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48218 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48223 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48222 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48226 was published for funadmin/funadmin (Composer) Oct 25, 2024
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
SQL injection in funadmin High
CVE-2024-48231 was published for funadmin/funadmin (Composer) Oct 21, 2024
Snipe-IT remote code execution High
CVE-2024-48987 was published for snipe/snipe-it (Composer) Oct 11, 2024
ProTip! Advisories are also available from the GraphQL API