GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,083 advisories
Filter by severity
Composer has multiple command injections via malicious git/hg branch names
High
CVE-2024-35242
was published
for
composer/composer
(Composer)
Jun 10, 2024
Composer has a command injection via malicious git branch name
High
CVE-2024-35241
was published
for
composer/composer
(Composer)
Jun 10, 2024
Magento Open Source Improper Authentication vulnerability
High
CVE-2024-34103
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-34104
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Snipe-IT allows users to promote or demote themselves or other users
High
CVE-2024-5685
was published
for
snipe/snipe-it
(Composer)
Jun 14, 2024
Moodle HTTP authorization header is preserved between "emulated redirects"
High
CVE-2024-38275
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Dolibarr arbitrary file upload vulnerability
High
CVE-2024-37821
was published
for
dolibarr/dolibarr
(Composer)
Jun 18, 2024
SQL injection in opencart
High
CVE-2024-21514
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Zip slip in opencart
High
CVE-2024-21518
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Aimeos HTML client may potentially reveal sensitive information in error log
High
CVE-2024-38516
was published
for
aimeos/ai-client-html
(Composer)
Jun 25, 2024
Name confusion in x509 Subject Alternative Name fields
High
CVE-2023-52892
was published
for
phpseclib/phpseclib
(Composer)
Jun 28, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
High
CVE-2024-39323
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
BookStack Incorrect Access Control vulnerability
High
CVE-2024-36676
was published
for
ssddanbrown/bookstack
(Composer)
Jul 10, 2024
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
High
CVE-2024-40420
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control
High
CVE-2024-38909
was published
for
studio-42/elfinder
(Composer)
Jul 30, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
High
CVE-2024-42355
was published
for
shopware/core
(Composer)
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
High
CVE-2024-42356
was published
for
shopware/core
(Composer)
Aug 8, 2024
Shopware vulnerable to blind SQL-injection in DAL aggregations
High
CVE-2024-42357
was published
for
shopware/core
(Composer)
Aug 8, 2024
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
High
CVE-2024-42485
was published
for
pxlrbt/filament-excel
(Composer)
Aug 12, 2024
Persistent Cross-site Scripting in Ibexa RichText Field Type
High
CVE-2024-43369
was published
for
ibexa/fieldtype-richtext
(Composer)
Aug 14, 2024
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
High
CVE-2024-43372
was published
for
ezsystems/ezplatform-richtext
(Composer)
Aug 14, 2024
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
High
GHSA-34qg-65m4-f23m
was published
for
froxlor/froxlor
(Composer)
Aug 23, 2024
Kirby has insufficient permission checks in the language settings
High
CVE-2024-41964
was published
for
getkirby/cms
(Composer)
Aug 29, 2024
XXE in PHPSpreadsheet encoding is returned
High
CVE-2024-45048
was published
for
phpoffice/phpspreadsheet
(Composer)
Aug 29, 2024
ProTip!
Advisories are also available from the
GraphQL API