GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
3,027 advisories
Magento Open Source Security Advisory: Patch SUPEE-10975
Critical. GHSA-cv25-3pxr-4q7x was published for magento/community-edition (Composer), May 15, 2024

Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Critical. GHSA-26hq-7286-mg8f was published for magento/community-edition (Composer), May 15, 2024

Magento Security enhancements that help close RCE, XSS, CSRF and other vulnerabilities
Critical. GHSA-6wm4-3rjj-c8xx was published for magento/community-edition (Composer), May 15, 2024

Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Critical. GHSA-prpf-cj87-hwvr was published for magento/community-edition (Composer), May 15, 2024

Laravel RCE vulnerability in "cookie" session driver
Critical. GHSA-qm5c-m76r-2hfr was published for laravel/framework (Composer), May 15, 2024

Laravel RCE vulnerability in "cookie" session driver
Critical. GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer), May 15, 2024

gree/jose - "None" Algorithm treated as valid in tokens
Critical. GHSA-9gxv-x7rp-r2hc was published for gree/jose (Composer), May 15, 2024

firebase/php-jwt: "None" Algorithm treated as valid on tokens
Critical. GHSA-h533-5v22-8vcp was published for firebase/php-jwt (Composer), May 15, 2024

Drupal core Remote Code Execution
Critical. GHSA-jf8c-36vw-98x4 was published for drupal/drupal (Composer), May 15, 2024

Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical. GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer), May 15, 2024

Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical. GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer), May 15, 2024

Drupal core Remote Code Execution
Critical. GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer), May 15, 2024

Doctrine SQL injection vulnerability
Critical. GHSA-6q9v-4hq6-5m67 was published for doctrine/orm (Composer), May 15, 2024

contao/core Insufficient input validation allows for code injection and remote execution
Critical. GHSA-wxxw-5gq6-j2g5 was published for contao/core (Composer), May 15, 2024

codeigniter/framework SQL injection in ODBC database driver
Critical. GHSA-27qr-636m-wxg2 was published for codeigniter/framework (Composer), May 15, 2024

ADOdb SQL injection vulnerability
Critical. GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer), May 15, 2024

Mautic is vulnerable to XSS vulnerability
Critical. CVE-2020-35125 was published for mautic/core (Composer), May 15, 2024

Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Critical. CVE-2024-32888 was published for com.amazon.redshift:redshift-jdbc42 (Maven), May 15, 2024

Grafana Race condition allowing privilege escalation
Critical. CVE-2022-39328 was published for github.com/grafana/grafana (Go), May 14, 2024

Grafana Fine-grained access control vulnerability
Critical. CVE-2021-41244 was published for github.com/grafana/grafana (Go), May 14, 2024

PrestaShop cross-site scripting via customer contact form in FO, through file upload
Critical. CVE-2024-34716 was published for prestashop/prestashop (Composer), May 14, 2024

Cockpit CMS contains an arbitrary file upload vulnerability
Critical. CVE-2024-4825 was published for cockpit-hq/cockpit (Composer), May 14, 2024

Apache Karaf Cave: Cave SSRF and arbitrary file access
Critical. CVE-2024-34365 was published for org.apache.karaf:cave (Maven), May 14, 2024

@valtimo/components exposes access token to form.io
Critical. CVE-2024-34706 was published for @valtimo/components (npm), May 13, 2024

llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Critical. CVE-2024-34359 was published for llama-cpp-python (pip), May 13, 2024
ProTip! Advisories are also available from the GraphQL API.