GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,291 advisories
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
High
CVE-2023-47637
was published
for
pimcore/pimcore
(Composer)
Nov 15, 2023
Cross-site Scripting via uploaded assets
High
CVE-2023-48701
was published
for
statamic/cms
(Composer)
Nov 22, 2023
phpseclib vulnerable to denial of service
High
CVE-2023-49316
was published
for
phpseclib/phpseclib
(Composer)
Nov 27, 2023
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
High
GHSA-9j5w-2cqc-cwj9
was published
for
openmage/magento-lts
(Composer)
Dec 8, 2023
PrestaShop some attribute not escaped in Validate::isCleanHTML method
High
CVE-2024-21627
was published
for
prestashop/prestashop
(Composer)
Jan 3, 2024
Froxlor username/surname AND company field Bypass
High
CVE-2023-50256
was published
for
froxlor/froxlor
(Composer)
Jan 4, 2024
SQL Injection in Admin download files as zip
High
CVE-2024-23646
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
Host header injection in the password reset
High
CVE-2024-23648
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
livewire Cross-Site Request Forgery vulnerability
High
CVE-2024-22859
was published
for
livewire/livewire
(Composer)
Feb 1, 2024
•
withdrawn
Statmic CMS vulnerable to account takeover via XSS and password reset link
High
CVE-2024-24570
was published
for
statamic/cms
(Composer)
Feb 1, 2024
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
High
CVE-2024-24821
was published
for
composer/composer
(Composer)
Feb 8, 2024
ProTip!
Advisories are also available from the
GraphQL API