Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

468 advisories

Loading
Symfony XML decoding attack vector through external entities Critical
GHSA-j68w-pg49-f6vx was published for symfony/serializer (Composer) May 30, 2024
Swiftmailer Sendmail transport arbitrary shell execution Critical
GHSA-4qpj-gxxg-jqg4 was published for swiftmailer/swiftmailer (Composer) May 29, 2024
SimpleSAMLphp signature validation bypass Critical
GHSA-fjr2-r2mp-484p was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
Silverstripe Brute force bypass on default admin Critical
GHSA-8v6m-7f5v-hhx6 was published for silverstripe/framework (Composer) May 23, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25738 was published for vufind/vufind (Composer) May 22, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25737 was published for vufind/vufind (Composer) May 22, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-83jv-4prm-34g7 was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
Propel2 SQL injection possible with limit() on MySQL Critical
GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) May 20, 2024
Flow Swift Mailer package Remote code execution Critical
GHSA-rq6q-hjvh-5mwh was published for neos/swiftmailer (Composer) May 17, 2024
namshi/jose - Verification bypass Critical
GHSA-4rr6-gf59-ggw5 was published for namshi/jose (Composer) May 17, 2024
Magento Broken authentication and session managememt Critical
CVE-2019-8149 was published for magento/community-edition (Composer) May 24, 2022
Wikimedia MediaWiki Incorrect Access Control vulnerability Critical
CVE-2019-12468 was published for mediawiki/core (Composer) May 24, 2022
Magento RCE,XSS and other vulnerabilities Critical
GHSA-8j7c-682x-r9f2 was published for magento/community-edition (Composer) May 15, 2024
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities Critical
GHSA-5gmh-85x8-5cx7 was published for magento/community-edition (Composer) May 15, 2024
Magento Open Source Security Advisory: Patch SUPEE-10975 Critical
GHSA-cv25-3pxr-4q7x was published for magento/community-edition (Composer) May 15, 2024
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability Critical
GHSA-26hq-7286-mg8f was published for magento/community-edition (Composer) May 15, 2024
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities Critical
GHSA-6wm4-3rjj-c8xx was published for magento/community-edition (Composer) May 15, 2024
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities Critical
GHSA-prpf-cj87-hwvr was published for magento/community-edition (Composer) May 15, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-qm5c-m76r-2hfr was published for laravel/framework (Composer) May 15, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API