
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,329 advisories

Grav File Upload Path Traversal High
CVE-2024-27921 was published for getgrav/grav (Composer) Mar 22, 2024
Credited to richighimi
raspap-webgui vulnerable to denial of service High
CVE-2024-28754 was published for billz/raspap-webgui (Composer) Mar 9, 2024
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time) High
GHSA-h6j3-j35f-v2x7 was published for pocketmine/pocketmine-mp (Composer) Mar 6, 2024
Credited to dktapps and MrDiamond64
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid High
GHSA-xc7j-wj36-qjfr was published for pocketmine/pocketmine-mp (Composer) Mar 6, 2024
Credited to GameParrot
phpseclib a large prime can cause a denial of service High
CVE-2024-27354 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
phpseclib does not properly limit the ASN1 OID length High
CVE-2024-27355 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
Bagisto Cross-Site Request Forgery vulnerability High
CVE-2023-36237 was published for bagisto/bagisto (Composer) Feb 27, 2024
Appwrite Directory Traversal vulnerability High
CVE-2022-25377 was published for appwrite/server-ce (Composer) Feb 23, 2024
Withdrawn Advisory: Kirby CMS HTML injection vulnerability High
CVE-2024-26482 was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
Pimcore Host Header Injection in user invitation link High
CVE-2024-25625 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 20, 2024
Credited to oussama-rahali
MantisBT Host Header Injection vulnerability High
CVE-2024-23830 was published for mantisbt/mantisbt (Composer) Feb 20, 2024
Credited to dregad, Kerkroups, shaozi, plmaltais, and atrol
Cross-Site Request Forgery in moodle High
CVE-2024-25982 was published for moodle/moodle (Composer) Feb 19, 2024
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
Code injection in REDAXO High
CVE-2024-25298 was published for redaxo/source (Composer) Feb 17, 2024
Magento Open Source allows OS Command Injection High
CVE-2024-20720 was published for magento/community-edition (Composer) Feb 15, 2024
Magento Open Source allows Cross-Site Scripting (XSS) High
CVE-2024-20719 was published for magento/community-edition (Composer) Feb 15, 2024
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
Credited to bnf
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
Credited to ohader
October CMS Cross-site Scripting vulnerability High
CVE-2023-25365 was published for october/october (Composer) Feb 9, 2024
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php High
CVE-2024-24821 was published for composer/composer (Composer) Feb 8, 2024
Credited to edonsec
PHPMailer Shell command injection High
CVE-2007-3215 was published for phpmailer/phpmailer (Composer) Feb 2, 2024
Statamic CMS vulnerable to account takeover via XSS and password reset link High
CVE-2024-24570 was published for statamic/cms (Composer) Feb 1, 2024
Credited to sec-consult
livewire Cross-Site Request Forgery vulnerability High
CVE-2024-22859 was published for livewire/livewire (Composer) Feb 1, 2024 withdrawn
Credited to Treggats and valorin
Craft CMS Feed-Me High
CVE-2023-36260 was published for craftcms/cms (Composer) Jan 30, 2024
Arbitrary Code Execution in Processwire High
CVE-2023-24676 was published for processwire/processwire (Composer) Jan 24, 2024