GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,057 advisories
Filter by severity
Zend-Navigation vulnerable to Cross-site Scripting
High
GHSA-6v7p-5qcq-268c
was published
for
zendframework/zend-navigation
(Composer)
Jun 7, 2024
Adminer file disclosure vulnerability
High
GHSA-97h7-mf38-g9mf
was published
for
vrana/adminer
(Composer)
Jun 7, 2024
Zendframework potential security issue in login mechanism
High
GHSA-9v78-h226-2rmq
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-mg4x-prh7-g4mx
was published
for
zendframework/zend-captcha
(Composer)
Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability
High
GHSA-8xhv-gqm4-3w99
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-848f-mph5-9pm9
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendOpenID potential security issue in login mechanism
High
GHSA-3x57-m5p4-rgh4
was published
for
zendframework/zendopenid
(Composer)
Jun 7, 2024
zfr authentication adapter did not verify validity of tokens
High
GHSA-rcm4-jv5g-wccm
was published
for
zfr/zfr-oauth2-server-module
(Composer)
Jun 7, 2024
Laravel Framework RCE Vulnerability
High
CVE-2018-15133
was published
for
laravel/framework
(Composer)
May 14, 2022
Craft CMS discloses password hashes
High
CVE-2022-37783
was published
for
craftcms/cms
(Composer)
Dec 5, 2022
Remote code execution in web server context
High
CVE-2024-37295
was published
for
aimeos/aimeos-core
(Composer)
Jun 5, 2024
Snipe-IT allows users to promote or demote themselves or other users
High
CVE-2024-5685
was published
for
snipe/snipe-it
(Composer)
Jun 14, 2024
Composer has a command injection via malicious git branch name
High
CVE-2024-35241
was published
for
composer/composer
(Composer)
Jun 10, 2024
Composer has multiple command injections via malicious git/hg branch names
High
CVE-2024-35242
was published
for
composer/composer
(Composer)
Jun 10, 2024
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability
High
CVE-2024-36811
was published
for
aimeos/aimeos-core
(Composer)
Jun 7, 2024
•
withdrawn
SQL injection in opencart
High
CVE-2024-21514
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Aimeos HTML client may potentially reveal sensitive information in error log
High
CVE-2024-38516
was published
for
aimeos/ai-client-html
(Composer)
Jun 25, 2024
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High
CVE-2021-27916
was published
for
mautic/core
(Composer)
Apr 12, 2024
Name confusion in x509 Subject Alternative Name fields
High
CVE-2023-52892
was published
for
phpseclib/phpseclib
(Composer)
Jun 28, 2024
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
High
CVE-2022-25481
was published
for
topthink/framework
(Composer)
Mar 22, 2022
Moodle HTTP authorization header is preserved between "emulated redirects"
High
CVE-2024-38275
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Zip slip in opencart
High
CVE-2024-21518
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Dolibarr arbitrary file upload vulnerability
High
CVE-2024-37821
was published
for
dolibarr/dolibarr
(Composer)
Jun 18, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
High
CVE-2024-39323
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
Moodle CSRF risk in admin preset tool management of presets
High
CVE-2024-34001
was published
for
moodle/moodle
(Composer)
May 31, 2024
ProTip!
Advisories are also available from the
GraphQL API