Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,080
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

530 advisories

Loading
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-qm5c-m76r-2hfr was published for laravel/framework (Composer) May 15, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer) May 15, 2024
gree/jose - "None" Algorithm treated as valid in tokens Critical
GHSA-9gxv-x7rp-r2hc was published for gree/jose (Composer) May 15, 2024
firebase/php-jwt: "None" Algorithm treated as valid on tokens Critical
GHSA-h533-5v22-8vcp was published for firebase/php-jwt (Composer) May 15, 2024
Variable Tampering within joomla/input class Critical
CVE-2022-23799 was published for joomla/input (Composer) Mar 31, 2022
Drupal core Remote Code Execution Critical
GHSA-jf8c-36vw-98x4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer) May 15, 2024
Doctrine SQL injection vulnerability Critical
GHSA-6q9v-4hq6-5m67 was published for doctrine/orm (Composer) May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution Critical
GHSA-wxxw-5gq6-j2g5 was published for contao/core (Composer) May 15, 2024
codeigniter/framework SQL injection in ODBC database driver Critical
GHSA-27qr-636m-wxg2 was published for codeigniter/framework (Composer) May 15, 2024
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
Mautic is vulnerable to XSS vulnerability Critical
CVE-2020-35125 was published for mautic/core (Composer) May 15, 2024
nvn1729
Credited to nvn1729
Cockpit CMS contains an arbitrary file upload vulenrability Critical
CVE-2024-4825 was published for cockpit-hq/cockpit (Composer) May 14, 2024
PrestaShop cross-site scripting via customer contact form in FO, through file upload Critical
CVE-2024-34716 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland aelmokhtar
Credited to matthieu-rolland and aelmokhtar
Blind XSS Leading to Froxlor Application Compromise Critical
CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024
UmerAdeemCheema
Credited to UmerAdeemCheema
SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module Critical
CVE-2017-12868 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
ThinkPHP SQL Injection vulnerability Critical
CVE-2018-16385 was published for topthink/framework (Composer) May 14, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35129 was published for mautic/core (Composer) May 24, 2022
Drupal SQL Injection vulnerability Critical
CVE-2011-2715 was published for drupal/core (Composer) Apr 22, 2022
Contao Does Not Invalidate Existing Sessions When Password Changes Critical
CVE-2019-10641 was published for contao/contao (Composer) May 14, 2022
Contao Does Not Expire Tokens Correctly Critical
CVE-2019-10643 was published for contao/contao (Composer) May 13, 2022
Contao SQL injection in the file manager Critical
CVE-2019-11512 was published for contao/contao (Composer) May 24, 2022
Contao SQL injection in the backend and listing module Critical
CVE-2017-16558 was published for contao/contao (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database