GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
1,051 advisories
contao/core PHP object injection vulnerability allows for arbitrary code execution
High. GHSA-wq43-8r5p-w3mc was published for contao/core (Composer) on May 15, 2024.

OpenCFP Framework (Sentry) Account takeover via null password reset codes
High. GHSA-2m5g-8xpw-42vp was published for cartalyst/sentry (Composer) on May 15, 2024.

cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
High. GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) on May 15, 2024.

easyadmin-extension-bundle action case insensitivity
High. GHSA-32rx-xvvr-4xv9 was published for alterphp/easyadmin-extension-bundle (Composer) on May 15, 2024.

pygmentize Remote Code Execution
High. GHSA-77mv-mp2j-gxxh was published for 3f/pygmentize (Composer) on May 15, 2024.

Grav Vulnerable to Arbitrary File Read to Account Takeover
High. CVE-2024-34082 was published for getgrav/grav (Composer) on May 15, 2024.

Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
High. CVE-2024-34077 was published for mantisbt/mantisbt (Composer) on May 13, 2024.

LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
High. CVE-2024-32480 was published for librenms/librenms (Composer) on Apr 22, 2024.

LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
High. CVE-2024-32479 was published for librenms/librenms (Composer) on Apr 22, 2024.

LibreNMS vulnerable to SQL injection time-based leads to database extraction
High. CVE-2024-32461 was published for librenms/librenms (Composer) on Apr 22, 2024.

Dolibarr Application Home Page has HTML injection vulnerability
High. CVE-2024-23817 was published for dolibarr/dolibarr (Composer) on Apr 18, 2024.

Dolibarr vulnerable to Cross-Site Request Forgery
High. CVE-2024-31503 was published for dolibarr/dolibarr (Composer) on Apr 17, 2024.

Dusk plugin may allow unfettered user authentication in misconfigured installs
High. CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) on Apr 12, 2024.

Mautic Sensitive Data Exposure due to inadequate user permission settings
High. CVE-2022-25776 was published for mautic/core (Composer) on Apr 12, 2024.

Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High. CVE-2021-27916 was published for mautic/core (Composer) on Apr 12, 2024.

timber/timber vulnerable to Deserialization of Untrusted Data
High. CVE-2024-29800 was published for timber/timber (Composer) on Apr 12, 2024.

Mautic vulnerable to stored cross-site scripting in description field
High. CVE-2021-27915 was published for mautic/core (Composer) on Apr 11, 2024.

Contao: Possible cookie sharing with external domains while checking protected pages for broken links
High. CVE-2024-28235 was published for contao/core-bundle (Composer) on Apr 9, 2024.

amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
High. GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) on Apr 3, 2024.

AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
High. CVE-2024-2653 was published for amphp/http (Composer) on Apr 3, 2024.

UVDesk Community Helpdesk Improper Privilege Management
High. CVE-2024-3137 was published for uvdesk/core-framework (Composer) on Apr 2, 2024.

Centreon updateGroups SQL Injection Remote Code Execution Vulnerability
High. CVE-2024-23115 was published for centreon/centreon (Composer) on Apr 2, 2024.

Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability
High. CVE-2024-23118 was published for centreon/centreon (Composer) on Apr 2, 2024.

Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
High. CVE-2024-23119 was published for centreon/centreon (Composer) on Apr 2, 2024.

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
High. CVE-2024-23116 was published for centreon/centreon (Composer) on Apr 2, 2024.
ProTip! Advisories are also available from the GraphQL API.