Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,328 advisories

Loading
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Credited to mollux, escopecz, and patrykgruszka
Kimai has an XXE Leading to Local File Read High
GHSA-534c-hcr7-67jg was published for kimai/kimai (Composer) Sep 17, 2024
ixSly
Credited to ixSly
Contao affected by remote command execution through file upload High
CVE-2024-45398 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Credited to usdResponsibleDisclosure
Pimcore includes vulnerable PHPOffice/PhpSpreadsheet High
GHSA-hq76-662x-7mw4 was published for pimcore/admin-ui-classic-bundle (Composer) Sep 3, 2024
ShawnRong-JJ
Credited to ShawnRong-JJ
XXE in PHPSpreadsheet encoding is returned High
CVE-2024-45048 was published for phpoffice/phpexcel (Composer) Aug 29, 2024
bytehope chinh2597
cavias
Credited to bytehope, chinh2597, and cavias
Kirby has insufficient permission checks in the language settings High
CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
SebastianEberlein-JUNO
Credited to SebastianEberlein-JUNO
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD> High
GHSA-34qg-65m4-f23m was published for froxlor/froxlor (Composer) Aug 23, 2024
hardfalcon
Credited to hardfalcon
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type High
CVE-2024-43372 was published for ezsystems/ezplatform-richtext (Composer) Aug 14, 2024
4rdr
Credited to 4rdr
Persistent Cross-site Scripting in Ibexa RichText Field Type High
CVE-2024-43369 was published for ibexa/fieldtype-richtext (Composer) Aug 14, 2024
4rdr
Credited to 4rdr
Magento DOM-based Cross-Site Scripting (XSS) vulnerability High
CVE-2024-39400 was published for magento/community-edition (Composer) Aug 14, 2024
Magento does not properly restrict excessive authentication attempts High
CVE-2024-39398 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Stored Cross-Site Scripting (XSS) vulnerability High
CVE-2024-39403 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Path Traversal vulnerability High
CVE-2024-39399 was published for magento/community-edition (Composer) Aug 14, 2024
Magento OS Command ('OS Command Injection') vulnerability High
CVE-2024-39401 was published for magento/community-edition (Composer) Aug 14, 2024
Magento OS Command ('OS Command Injection') vulnerability High
CVE-2024-39402 was published for magento/community-edition (Composer) Aug 14, 2024
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint High
CVE-2024-42485 was published for pxlrbt/filament-excel (Composer) Aug 12, 2024
RChutchev
Credited to RChutchev
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Credited to Creastery
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Credited to Creastery
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
ICEcoder vulnerable to Cross Site Scripting High
CVE-2024-41374 was published for icecoder/icecoder (Composer) Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting High
CVE-2024-41375 was published for icecoder/icecoder (Composer) Jul 26, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE) High
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
Automad arbitrary file upload vulnerability High
CVE-2024-40400 was published for automad/automad (Composer) Jul 19, 2024
marcantondahmen
Credited to marcantondahmen
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database