Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,036
Erlang
29
GitHub Actions
18
Go
1,848
Maven
5,000+
npm
3,582
NuGet
636
pip
3,165
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,067 advisories

Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
Persistent Cross-site Scripting in Ibexa RichText Field Type High
CVE-2024-43369 was published for ibexa/fieldtype-richtext (Composer) Aug 14, 2024
4rdr
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type High
CVE-2024-43372 was published for ezsystems/ezplatform-richtext (Composer) Aug 14, 2024
4rdr
phpseclib does not properly limit the ASN1 OID length High
CVE-2024-27355 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint High
CVE-2024-42485 was published for pxlrbt/filament-excel (Composer) Aug 12, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
Shopware vulnerable to blind SQL-injection in DAL aggregations High
CVE-2024-42357 was published for shopware/core (Composer) Aug 8, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-34104 was published for magento/community-edition (Composer) Jun 13, 2024
Magento Open Source Improper Authentication vulnerability High
CVE-2024-34103 was published for magento/community-edition (Composer) Jun 13, 2024
Snipe-IT allows users to promote or demote themselves or other users High
CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024
Name confusion in x509 Subject Alternative Name fields High
CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Moodle HTTP authorization header is preserved between "emulated redirects" High
CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
Cross-Site Request Forgery in Anchor CMS High
CVE-2024-29338 was published for anchorcms/anchor-cms (Composer) Mar 22, 2024
Moodle ReCAPTCHA can be bypassed on the login page High
CVE-2024-34009 was published for moodle/moodle (Composer) May 31, 2024
Winter CMS Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-29686 was published for wintercms/winter (Composer) Mar 29, 2024
openCart Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-40420 was published for opencart/opencart (Composer) Jul 17, 2024
phpseclib a large prime can cause a denial of service High
CVE-2024-27354 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
Bagisto Cross-Site Request Forgery vulnerability High
CVE-2023-36237 was published for bagisto/bagisto (Composer) Feb 27, 2024
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
iBotPeaches rob006
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
ProTip! Advisories are also available from the GraphQL API