GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,869 advisories

Inadequate XSS Prevention in CodeIgniter/Framework Security Library Moderate
GHSA-q9j3-4ghj-6h57 was published for codeigniter/framework (Composer) May 15, 2024
Denial of Service in extension "Code Highlight" (codehighlight) Moderate
GHSA-4cv2-xc5f-px8h was published for brotkrueml/codehighlight (Composer) May 15, 2024
Denial of Service in extension "Code Highlight" (codehighlight) Moderate
GHSA-65xh-hh78-6454 was published for brotkrueml/codehighlight (Composer) May 15, 2024
amphp/http Host Header Injection vulnerability Moderate
GHSA-8v5x-6vv5-jv4g was published for amphp/http (Composer) May 15, 2024
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance Moderate
GHSA-gm98-g2wf-7c68 was published for amphp/artax (Composer) May 15, 2024
amphp/http-client Header leakage on cross-domain redirects Moderate
GHSA-8jp9-mpv9-98rj was published for amphp/http-client (Composer) May 15, 2024
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption Moderate
GHSA-87mp-xc4x-x8rh was published for asymmetricrypt/asymmetricrypt (Composer) May 15, 2024
PHP Censor uses a weak hashing algorithm for the remember me key Moderate
CVE-2024-34914 was published for php-censor/php-censor (Composer) May 14, 2024
Anonymous PrestaShop customer can download other customers' invoices Moderate
CVE-2024-34717 was published for prestashop/prestashop (Composer) May 14, 2024
Credited to matthieu-rolland
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
Credited to derhansen, bnf, and bmack
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController Moderate
CVE-2024-34357 was published for typo3/cms-core (Composer) May 14, 2024
Credited to derhansen and ohader
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module Moderate
CVE-2024-34356 was published for typo3/cms-core (Composer) May 14, 2024
Credited to bnf
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-34080 was published for mantisbt/mantisbt (Composer) May 13, 2024
Credited to vboctor and dregad
Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book Moderate
CVE-2024-29376 was published for sylius/sylius (Composer) May 10, 2024
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881 Moderate
GHSA-vjwg-28gv-pm8h was published for pimcore/pimcore (Composer) Apr 24, 2024
Credited to GAL-CS
MantisBT HTML Injection vulnerability Moderate
CVE-2020-25830 was published for mantisbt/mantisbt (Composer) May 24, 2022
Credited to dregad
Gleez Cms Cross-site Scripting in Profile Page Moderate
CVE-2018-1999021 was published for gleez/cms (Composer) May 14, 2022
Moodle LTI module reflected XSS risk Moderate
CVE-2022-35653 was published for moodle/moodle (Composer) Jul 26, 2022
WPGlobus plugin Stored XSS & CSRF security vulnerability Moderate
CVE-2018-5365 was published for wpglobus/wpglobus (Composer) May 14, 2022
phpMyAdmin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2018-19970 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Pterodactyl panel's admin area vulnerable to Cross-site Scripting Moderate
CVE-2024-34067 was published for pterodactyl/panel (Composer) May 3, 2024
Credited to TrixterTheTux and matthewpi
Drupal sensitive information disclosure Moderate
CVE-2016-3170 was published for drupal/core (Composer) May 17, 2022
Moodle Email media URL tokens were not checking for user status Moderate
CVE-2019-14883 was published for moodle/moodle (Composer) May 24, 2022
Bolt Cross-site Scripting (XSS) via text input click preview button Moderate
CVE-2018-19933 was published for bolt/bolt (Composer) May 14, 2022
infusionsoft-php-sdk reflected Cross-site Scripting Moderate
CVE-2017-6216 was published for novaksolutions/infusionsoft-php-sdk (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API