Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,291 advisories

Loading
Winter CMS Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-29686 was published for wintercms/winter (Composer) Mar 29, 2024
Moodle ReCAPTCHA can be bypassed on the login page High
CVE-2024-34009 was published for moodle/moodle (Composer) May 31, 2024
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
Name confusion in x509 Subject Alternative Name fields High
CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024
Snipe-IT allows users to promote or demote themselves or other users High
CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-34104 was published for magento/community-edition (Composer) Jun 13, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
phpseclib does not properly limit the ASN1 OID length High
CVE-2024-27355 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type High
CVE-2024-43372 was published for ezsystems/ezplatform-richtext (Composer) Aug 14, 2024
4rdr
Persistent Cross-site Scripting in Ibexa RichText Field Type High
CVE-2024-43369 was published for ibexa/fieldtype-richtext (Composer) Aug 14, 2024
4rdr
Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
image-optimizer allows PHAR deserialization High
CVE-2024-34515 was published for spatie/image-optimizer (Composer) May 5, 2024
nukeviet Deserialization of Untrusted Data vulnerability High
CVE-2024-36528 was published for nukeviet/nukeviet (Composer) Jun 10, 2024
Appwrite Directory Traversal vulnerability High
CVE-2022-25377 was published for appwrite/server-ce (Composer) Feb 23, 2024
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD> High
GHSA-34qg-65m4-f23m was published for froxlor/froxlor (Composer) Aug 23, 2024
hardfalcon
TYPO3 Install Tool vulnerable to Code Execution High
CVE-2024-22188 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
Kirby has insufficient permission checks in the language settings High
CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
SebastianEberlein-JUNO
Withdrawn Advisory: Kirby CMS HTML injection vulnerability High
CVE-2024-26482 was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
Pimcore includes vulnerable PHPOffice/PhpSpreadsheet High
GHSA-hq76-662x-7mw4 was published for pimcore/admin-ui-classic-bundle (Composer) Sep 3, 2024
ShawnRong-JJ
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint High
CVE-2024-42485 was published for pxlrbt/filament-excel (Composer) Aug 12, 2024
RChutchev
Contao affected by remote command execution through file upload High
CVE-2024-45398 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Mautic Sensitive Data Exposure due to inadequate user permission settings High
CVE-2022-25776 was published for mautic/core (Composer) Apr 12, 2024
lenonleite
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database