GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,992
Erlang: 29
GitHub Actions: 16
Go: 1,782
Maven: 5,000+
npm: 3,544
NuGet: 619
pip: 3,134
Pub: 10
RubyGems: 838
Rust: 795
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+

1,058 advisories

amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames
High | GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) | Apr 3, 2024

AMPHP Denial of Service via HTTP/2 CONTINUATION Frames
High | CVE-2024-2653 was published for amphp/http (Composer) | Apr 3, 2024

UVDesk Community Helpdesk Improper Privilege Management
High | CVE-2024-3137 was published for uvdesk/core-framework (Composer) | Apr 2, 2024

Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
High | CVE-2024-23119 was published for centreon/centreon (Composer) | Apr 2, 2024

Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability
High | CVE-2024-23118 was published for centreon/centreon (Composer) | Apr 2, 2024

Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
High | CVE-2024-0637 was published for centreon/centreon (Composer) | Apr 2, 2024

Centreon updateGroups SQL Injection Remote Code Execution Vulnerability
High | CVE-2024-23115 was published for centreon/centreon (Composer) | Apr 2, 2024

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
High | CVE-2024-23116 was published for centreon/centreon (Composer) | Apr 2, 2024

Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability
High | CVE-2024-23117 was published for centreon/centreon (Composer) | Apr 2, 2024

Winter CMS Server-Side Template Injection (SSTI) vulnerability
High | CVE-2024-29686 was published for wintercms/winter (Composer) | Mar 29, 2024

CodeIgniter4 DoS Vulnerability
High | CVE-2024-29904 was published for codeigniter4/framework (Composer) | Mar 29, 2024

phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
High | CVE-2024-28105 was published for phpmyfaq/phpmyfaq (Composer) | Mar 25, 2024

phpMyFAQ SQL injections at insertentry & saveentry
High | CVE-2024-28107 was published for phpmyfaq/phpmyfaq (Composer) | Mar 25, 2024

phpMyFAQ SQL Injection at "Save News"
High | CVE-2024-27299 was published for phpmyfaq/phpmyfaq (Composer) | Mar 25, 2024

WP Crontrol vulnerable to possible RCE when combined with a pre-condition
High | CVE-2024-28850 was published for johnbillion/wp-crontrol (Composer) | Mar 25, 2024

Cross-Site Request Forgery in Anchor CMS
High | CVE-2024-29499 was published for anchorcms/anchor-cms (Composer) | Mar 22, 2024

Cross-Site Request Forgery in Anchor CMS
High | CVE-2024-29338 was published for anchorcms/anchor-cms (Composer) | Mar 22, 2024

Server Side Template Injection (SSTI) via Twig escape handler
High | CVE-2024-28119 was published for getgrav/grav (Composer) | Mar 22, 2024

Server Side Template Injection (SSTI)
High | CVE-2024-28118 was published for getgrav/grav (Composer) | Mar 22, 2024

Server Side Template Injection (SSTI)
High | CVE-2024-28117 was published for getgrav/grav (Composer) | Mar 22, 2024

Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
High | CVE-2024-28116 was published for getgrav/grav (Composer) | Mar 22, 2024

Grav File Upload Path Traversal
High | CVE-2024-27921 was published for getgrav/grav (Composer) | Mar 22, 2024

PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
High | GHSA-h6j3-j35f-v2x7 was published for pocketmine/pocketmine-mp (Composer) | Mar 6, 2024

PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
High | GHSA-xc7j-wj36-qjfr was published for pocketmine/pocketmine-mp (Composer) | Mar 6, 2024

phpseclib a large prime can cause a denial of service
High | CVE-2024-27354 was published for phpseclib/phpseclib (Composer) | Mar 2, 2024

ProTip! Advisories are also available from the GraphQL API.