GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
468 advisories
Symfony XML decoding attack vector through external entities
Critical: GHSA-j68w-pg49-f6vx was published for symfony/serializer (Composer), May 30, 2024

Swiftmailer Sendmail transport arbitrary shell execution
Critical: GHSA-4qpj-gxxg-jqg4 was published for swiftmailer/swiftmailer (Composer), May 29, 2024

SimpleSAMLphp signature validation bypass
Critical: GHSA-fjr2-r2mp-484p was published for simplesamlphp/simplesamlphp (Composer), May 28, 2024

Dolibarr vulnerable to SQL Injection
Critical: CVE-2024-5315 was published for dolibarr/dolibarr (Composer), May 24, 2024

Dolibarr vulnerable to SQL Injection
Critical: CVE-2024-5314 was published for dolibarr/dolibarr (Composer), May 24, 2024

Silverstripe Brute force bypass on default admin
Critical: GHSA-8v6m-7f5v-hhx6 was published for silverstripe/framework (Composer), May 23, 2024

VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical: CVE-2024-25738 was published for vufind/vufind (Composer), May 22, 2024

VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical: CVE-2024-25737 was published for vufind/vufind (Composer), May 22, 2024

Shopware Remote Code Execution Vulnerability
Critical: GHSA-83jv-4prm-34g7 was published for shopware/shopware (Composer), May 21, 2024

Shopware Remote Code Execution Vulnerability
Critical: GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer), May 21, 2024

Shopware Remote Code Execution Vulnerability
Critical: GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer), May 21, 2024

propel/propel1 SQL injection possible with limit() on MySQL
Critical: GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer), May 20, 2024

Propel2 SQL injection possible with limit() on MySQL
Critical: GHSA-7vw7-qx38-37vr was published for propel/propel (Composer), May 20, 2024

Flow Swift Mailer package Remote code execution
Critical: GHSA-rq6q-hjvh-5mwh was published for neos/swiftmailer (Composer), May 17, 2024

namshi/jose - Verification bypass
Critical: GHSA-4rr6-gf59-ggw5 was published for namshi/jose (Composer), May 17, 2024

Magento Broken authentication and session management
Critical: CVE-2019-8149 was published for magento/community-edition (Composer), May 24, 2022

Wikimedia MediaWiki Incorrect Access Control vulnerability
Critical: CVE-2019-12468 was published for mediawiki/core (Composer), May 24, 2022

Magento RCE, XSS and other vulnerabilities
Critical: GHSA-8j7c-682x-r9f2 was published for magento/community-edition (Composer), May 15, 2024

Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Critical: GHSA-5gmh-85x8-5cx7 was published for magento/community-edition (Composer), May 15, 2024

Magento Open Source Security Advisory: Patch SUPEE-10975
Critical: GHSA-cv25-3pxr-4q7x was published for magento/community-edition (Composer), May 15, 2024

Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Critical: GHSA-26hq-7286-mg8f was published for magento/community-edition (Composer), May 15, 2024

Magento Security enhancements that help close RCE, XSS, CSRF and other vulnerabilities
Critical: GHSA-6wm4-3rjj-c8xx was published for magento/community-edition (Composer), May 15, 2024

Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Critical: GHSA-prpf-cj87-hwvr was published for magento/community-edition (Composer), May 15, 2024

Laravel RCE vulnerability in "cookie" session driver
Critical: GHSA-qm5c-m76r-2hfr was published for laravel/framework (Composer), May 15, 2024

Laravel RCE vulnerability in "cookie" session driver
Critical: GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer), May 15, 2024

ProTip! Advisories are also available from the GraphQL API.