Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

463 advisories

Loading
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE Critical
GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer) Feb 22, 2024
Blaklis ErwanGuillon
bsweeney
Shopware's session is persistent in Cache for 404 pages Critical
CVE-2024-27917 was published for shopware/platform (Composer) Mar 6, 2024
Remote Code Execution by uploading a phar file using frontmatter Critical
CVE-2024-27923 was published for getgrav/grav (Composer) Mar 6, 2024
Universe1122
Gleez Cms Server Side Request Forgery (SSRF) vulnerability Critical
CVE-2021-27312 was published for gleez/cms (Composer) Apr 3, 2024
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7602 was published for drupal/core (Composer) Apr 23, 2024
Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks Critical
GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) Apr 25, 2024
Zenario uses Twig filters insecurely in the Twig Snippet plugin Critical
CVE-2024-34461 was published for tribalsystems/zenario (Composer) May 4, 2024
Blind XSS Leading to Froxlor Application Compromise Critical
CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024
UmerAdeemCheema
Cockpit CMS contains an arbitrary file upload vulenrability Critical
CVE-2024-4825 was published for cockpit-hq/cockpit (Composer) May 14, 2024
PrestaShop cross-site scripting via customer contact form in FO, through file upload Critical
CVE-2024-34716 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland aelmokhtar
Mautic is vulnerable to XSS vulnerability Critical
CVE-2020-35125 was published for mautic/core (Composer) May 15, 2024
nvn1729
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
codeigniter/framework SQL injection in ODBC database driver Critical
GHSA-27qr-636m-wxg2 was published for codeigniter/framework (Composer) May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution Critical
GHSA-wxxw-5gq6-j2g5 was published for contao/core (Composer) May 15, 2024
Doctrine SQL injection vulnerability Critical
GHSA-6q9v-4hq6-5m67 was published for doctrine/orm (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-jf8c-36vw-98x4 was published for drupal/drupal (Composer) May 15, 2024
firebase/php-jwt: "None" Algorithm treated as valid on tokens Critical
GHSA-h533-5v22-8vcp was published for firebase/php-jwt (Composer) May 15, 2024
gree/jose - "None" Algorithm treated as valid in tokens Critical
GHSA-9gxv-x7rp-r2hc was published for gree/jose (Composer) May 15, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer) May 15, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-qm5c-m76r-2hfr was published for laravel/framework (Composer) May 15, 2024
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities Critical
GHSA-prpf-cj87-hwvr was published for magento/community-edition (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API