
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,883 advisories

Shopware Improper Session Handling in store-api account logout Moderate
CVE-2024-31447 was published for shopware/core (Composer) Apr 8, 2024
Credited to mdanilowicz
phpMyFAQ stored Cross-site Scripting at user email Moderate
CVE-2024-27300 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
Credited to kevinnivekkevin
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass Moderate
CVE-2024-30173 was published for causal/oidc (Composer) Apr 2, 2024
MediaWiki makeCollapsible allows applying event handler to any CSS selector Moderate
CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022
Credited to anonymous4ACL24
Pimcore Preview Documents are not restricted to logged in users anymore Moderate
CVE-2024-29197 was published for pimcore/pimcore (Composer) Mar 26, 2024
Credited to rliebi and patryser
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes Moderate
CVE-2024-29203 was published for TinyMCE (Composer) Mar 26, 2024
phpMyFAQ Stored Cross-site Scripting at File Attachments Moderate
CVE-2024-29179 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
Credited to kevinnivekkevin
phpMyFAQ Stored HTML Injection at contentLink Moderate
CVE-2024-28108 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
Credited to kevinnivekkevin
phpMyFAQ Stored Cross-site Scripting at FAQ News Content Moderate
CVE-2024-28106 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
Credited to kevinnivekkevin
Storefront user can access history and most viewed data from matching back-office user with the same ID Moderate
CVE-2023-48296 was published for oro/customer-portal (Composer) Mar 25, 2024
Pinned entity creation form shows wrong data Moderate
CVE-2023-45824 was published for oro/platform (Composer) Mar 25, 2024
Slow String Operations via MultiPart Requests in Event-Driven Functions Moderate
CVE-2024-29186 was published for bref/bref (Composer) Mar 22, 2024
Credited to smaury, mnapoli, rcambien, and GrahamCampbell
livehelperchat Server-Side Template Injection Moderate
CVE-2024-27516 was published for remdex/livehelperchat (Composer) Feb 29, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts Moderate
GHSA-9j39-4686-m3c4 was published for ibexa/core (Composer) Mar 20, 2024
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts Moderate
GHSA-mwvh-p3hx-x4gg was published for ezsystems/ezplatform-kernel (Composer) Mar 20, 2024
Cross-site Scripting in livewire/livewire Moderate
CVE-2024-21504 was published for livewire/livewire (Composer) Mar 19, 2024
Duplicate Advisory: Unrestricted file upload of user avatar images Moderate
GHSA-fr72-9665-w3gr was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
Sulu grants access to pages regardless of role permissions Moderate
CVE-2024-27915 was published for sulu/sulu (Composer) Mar 4, 2024
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection Moderate
CVE-2024-24815 was published for ckeditor/ckeditor (Composer) Feb 7, 2024
Credited to Rudloff
Kirby vulnerable to unrestricted file upload of user avatar images Moderate
CVE-2024-26483 was published for getkirby/cms (Composer) Feb 26, 2024
Credited to PlyNatwara
simplesamlphp-module-openidprovider Cross Site Scripting vulnerability Moderate
CVE-2010-10008 was published for simplesamlphp/simplesamlphp-module-openidprovider (Composer) Jan 17, 2023
Harvest Chosen vulnerable to Cross-site Scripting Moderate
CVE-2018-25050 was published for harvesthq/chosen (Composer) Dec 28, 2022
Cockpit CMS Cross-Site Scripting vulnerability Moderate
CVE-2024-2001 was published for cockpit-hq/cockpit (Composer) Feb 29, 2024
Magento LTS vulnerable to stored XSS in admin file form Moderate
GHSA-gp6m-fq6h-cjcx was published for openmage/magento-lts (Composer) Feb 27, 2024
Credited to Judx