Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,037
Erlang
29
GitHub Actions
18
Go
1,851
Maven
5,000+
npm
3,586
NuGet
636
pip
3,169
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,070 advisories

Persistent Cross-site Scripting in eZ Platform Rich Text Field Type High
CVE-2024-43372 was published for ezsystems/ezplatform-richtext (Composer) Aug 14, 2024
4rdr
Persistent Cross-site Scripting in Ibexa RichText Field Type High
CVE-2024-43369 was published for ibexa/fieldtype-richtext (Composer) Aug 14, 2024
4rdr
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint High
CVE-2024-42485 was published for pxlrbt/filament-excel (Composer) Aug 12, 2024
Shopware vulnerable to blind SQL-injection in DAL aggregations High
CVE-2024-42357 was published for shopware/core (Composer) Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
openCart Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-40420 was published for opencart/opencart (Composer) Jul 17, 2024
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account High
CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
Name confusion in x509 Subject Alternative Name fields High
CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024
Aimeos HTML client may potentially reveal sensitive information in error log High
CVE-2024-38516 was published for aimeos/ai-client-html (Composer) Jun 25, 2024
ssshah2131
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
SQL injection in opencart High
CVE-2024-21514 was published for opencart/opencart (Composer) Jun 22, 2024
Moodle HTTP authorization header is preserved between "emulated redirects" High
CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Snipe-IT allows users to promote or demote themselves or other users High
CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024
Magento Open Source Improper Authentication vulnerability High
CVE-2024-34103 was published for magento/community-edition (Composer) Jun 13, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-34104 was published for magento/community-edition (Composer) Jun 13, 2024
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl
nukeviet Deserialization of Untrusted Data vulnerability High
CVE-2024-36528 was published for nukeviet/nukeviet (Composer) Jun 10, 2024
zfr authentication adapter did not verify validity of tokens High
GHSA-rcm4-jv5g-wccm was published for zfr/zfr-oauth2-server-module (Composer) Jun 7, 2024
ZendOpenID potential security issue in login mechanism High
GHSA-3x57-m5p4-rgh4 was published for zendframework/zendopenid (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API