GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
4,078 advisories
Filter by severity
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2024-41381
was published
for
microweber/microweber
(Composer)
Aug 5, 2024
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Low
CVE-2024-41811
was published
for
ipl/web
(Composer)
Aug 5, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting
Low
CVE-2024-4353
was published
for
concrete5/concrete5
(Composer)
Aug 1, 2024
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Moderate
GHSA-gc5h-6jx9-q2qh
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Jul 31, 2024
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Moderate
CVE-2024-39318
was published
for
ibexa/admin-ui
(Composer)
Jul 31, 2024
Bolt CMS Cross-site Scripting vulnerability
Moderate
CVE-2024-7300
was published
for
bolt/bolt
(Composer)
Jul 31, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control
High
CVE-2024-38909
was published
for
studio-42/elfinder
(Composer)
Jul 30, 2024
Pimcore vulnerable to disclosure of system and database information behind /admin firewall
Moderate
CVE-2024-41109
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jul 30, 2024
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Moderate
CVE-2024-41676
was published
for
openmage/magento-lts
(Composer)
Jul 29, 2024
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Critical
CVE-2024-38529
was published
for
admidio/admidio
(Composer)
Jul 29, 2024
Admidio has Blind SQL Injection in ecard_send.php
Critical
CVE-2024-37906
was published
for
admidio/admidio
(Composer)
Jul 29, 2024
RaspAP allows an attacker to escalate privileges
Critical
CVE-2024-41637
was published
for
billz/raspap-webgui
(Composer)
Jul 29, 2024
ICEcoder vulnerable to Cross Site Scripting
Moderate
CVE-2024-41375
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting
Moderate
CVE-2024-41374
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
ICEcoder Path Traversal vulnerability
Moderate
CVE-2024-41373
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
Moderate
GHSA-296q-rj83-g9rq
was published
for
oveleon/contao-cookiebar
(Composer)
Jul 26, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
Moderate
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
Moderate
CVE-2024-41709
was published
for
backdrop/backdrop
(Composer)
Jul 22, 2024
ProcessWire Cross Site Request Forgery vulnerability
Moderate
CVE-2024-41597
was published
for
processwire/processwire
(Composer)
Jul 19, 2024
Automad arbitrary file upload vulnerability
Moderate
CVE-2024-40400
was published
for
automad/automad
(Composer)
Jul 19, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
High
CVE-2024-40420
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
Silverstripe uses TinyMCE which allows svg files linked in object tags
Moderate
GHSA-52cw-pvq9-9m5v
was published
for
silverstripe/framework
(Composer)
Jul 17, 2024
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Moderate
CVE-2024-32981
was published
for
silverstripe/framework
(Composer)
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API