Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,293 advisories

Loading
ProcessWire Cross Site Request Forgery vulnerability Moderate
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload Moderate
CVE-2024-32981 was published for silverstripe/framework (Composer) Jul 17, 2024
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
Silverstripe uses TinyMCE which allows svg files linked in object tags Moderate
GHSA-52cw-pvq9-9m5v was published for silverstripe/framework (Composer) Jul 17, 2024
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames Moderate
CVE-2024-39912 was published for web-auth/webauthn-framework (Composer) Jul 15, 2024
marcriemer
PrivateBin allows shortening of URLs for other domains Moderate
CVE-2024-39899 was published for privatebin/privatebin (Composer) Jul 10, 2024
nbxiglk0
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting Moderate
CVE-2023-6813 was published for auth0/wordpress (Composer) Jul 11, 2024
Duplicate Advisory: Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting Moderate
GHSA-52jw-f3jq-hhwg was published for auth0/wordpress (Composer) Jul 10, 2024 withdrawn
EGroupware mishandles an ORDER BY clause Moderate
CVE-2024-40614 was published for egroupware/egroupware (Composer) Jul 7, 2024
blitzdose
Reflected Cross-site Scripting in yiisoft/yii2 Debug mode Moderate
CVE-2024-32877 was published for yiisoft/yii2 (Composer) Jun 2, 2024
Antiphishing iBotPeaches
rob006
ShopXO Server-Side Request Forgery Vulnerability Moderate
CVE-2024-6524 was published for shopxo/shopxo (Composer) Jul 5, 2024
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel Moderate
CVE-2024-34349 was published for sylius/sylius (Composer) May 10, 2024
Moodle broken access control when setting calendar event type Moderate
CVE-2024-33996 was published for moodle/moodle (Composer) May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments Moderate
CVE-2024-34003 was published for moodle/moodle (Composer) May 31, 2024
Moodle Unsanitized HTML in site log for config_log_created Moderate
CVE-2024-34006 was published for moodle/moodle (Composer) May 31, 2024
Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
ai-controller-frontend payment status in basket isn't reset Moderate
CVE-2024-39325 was published for aimeos/ai-controller-frontend (Composer) Jul 5, 2024
ssshah2131
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records Moderate
CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) Jul 2, 2024
ssshah2131
Cross site scripting in opencart Moderate
CVE-2024-21516 was published for opencart/opencart (Composer) Jun 22, 2024
Firefly III vulnerable to stored XSS Moderate
CVE-2019-13644 was published for grumpydictator/firefly-iii (Composer) May 24, 2022
Lavalite CMS Cross Site Scripting vulnerability Moderate
CVE-2024-31828 was published for lavalite/cms (Composer) Apr 27, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
Arbitrary File Creation in opencart Moderate
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Moodle stored XSS via calendar's event title when deleting the event Moderate
CVE-2024-38274 was published for moodle/moodle (Composer) Jun 18, 2024
ProTip! Advisories are also available from the GraphQL API