Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,290 advisories

Loading
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account High
CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
Name confusion in x509 Subject Alternative Name fields High
CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024
Aimeos HTML client may potentially reveal sensitive information in error log High
CVE-2024-38516 was published for aimeos/ai-client-html (Composer) Jun 25, 2024
ssshah2131
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
Arbitrary File Creation in opencart High
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
SQL injection in opencart High
CVE-2024-21514 was published for opencart/opencart (Composer) Jun 22, 2024
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Snipe-IT allows users to promote or demote themselves or other users High
CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-34104 was published for magento/community-edition (Composer) Jun 13, 2024
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl
nukeviet Deserialization of Untrusted Data vulnerability High
CVE-2024-36528 was published for nukeviet/nukeviet (Composer) Jun 10, 2024
zfr authentication adapter did not verify validity of tokens High
GHSA-rcm4-jv5g-wccm was published for zfr/zfr-oauth2-server-module (Composer) Jun 7, 2024
ZendOpenID potential security issue in login mechanism High
GHSA-3x57-m5p4-rgh4 was published for zendframework/zendopenid (Composer) Jun 7, 2024
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability High
GHSA-848f-mph5-9pm9 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability High
GHSA-8xhv-gqm4-3w99 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability High
GHSA-mg4x-prh7-g4mx was published for zendframework/zend-captcha (Composer) Jun 7, 2024
Zendframework potential security issue in login mechanism High
GHSA-9v78-h226-2rmq was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Adminer file disclosure vulnerability High
GHSA-97h7-mf38-g9mf was published for vrana/adminer (Composer) Jun 7, 2024
Zend-Navigation vulnerable to Cross-site Scripting High
GHSA-6v7p-5qcq-268c was published for zendframework/zend-navigation (Composer) Jun 7, 2024
Zend-Feed URL Rewrite vulnerability High
GHSA-jmmp-vh96-78rm was published for zendframework/zend-feed (Composer) Jun 7, 2024
Zend-HTTP URL Rewrite vulnerability High
GHSA-cg8w-5jrc-675g was published for zendframework/zend-http (Composer) Jun 7, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc High
GHSA-229x-22xc-2f2w was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework Denial of Service vector via XEE injection High
GHSA-2jx7-xg83-j2m7 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability High
CVE-2024-36811 was published for aimeos/aimeos-core (Composer) Jun 7, 2024 withdrawn
aimeos
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database