GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
469 advisories
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical: GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer), May 15, 2024
Drupal core Remote Code Execution
Critical: GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer), May 15, 2024
Doctrine SQL injection vulnerability
Critical: GHSA-6q9v-4hq6-5m67 was published for doctrine/orm (Composer), May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution
Critical: GHSA-wxxw-5gq6-j2g5 was published for contao/core (Composer), May 15, 2024
codeigniter/framework SQL injection in ODBC database driver
Critical: GHSA-27qr-636m-wxg2 was published for codeigniter/framework (Composer), May 15, 2024
ADOdb SQL injection vulnerability
Critical: GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer), May 15, 2024
Mautic is vulnerable to XSS vulnerability
Critical: CVE-2020-35125 was published for mautic/core (Composer), May 15, 2024
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Critical: CVE-2024-34716 was published for prestashop/prestashop (Composer), May 14, 2024
Cockpit CMS contains an arbitrary file upload vulnerability
Critical: CVE-2024-4825 was published for cockpit-hq/cockpit (Composer), May 14, 2024
Blind XSS Leading to Froxlor Application Compromise
Critical: CVE-2024-34070 was published for froxlor/froxlor (Composer), May 10, 2024
Zenario uses Twig filters insecurely in the Twig Snippet plugin
Critical: CVE-2024-34461 was published for tribalsystems/zenario (Composer), May 4, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical: GHSA-346h-749j-r28w was published for mdanter/ecc (Composer), Apr 25, 2024
Zend Framework SQL injection vulnerability
Critical: CVE-2014-8089 was published for zendframework/zend-db (Composer), Apr 23, 2024
Drupal Core Remote Code Execution Vulnerability
Critical: CVE-2018-7602 was published for drupal/core (Composer), Apr 23, 2024
WWBN AVideo Remote Code Execution
Critical: CVE-2024-31819 was published for wwbn/avideo (Composer), Apr 10, 2024
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Critical: CVE-2021-27312 was published for gleez/cms (Composer), Apr 3, 2024
Remote Code Execution by uploading a phar file using frontmatter
Critical: CVE-2024-27923 was published for getgrav/grav (Composer), Mar 6, 2024
Shopware's session is persistent in Cache for 404 pages
Critical: CVE-2024-27917 was published for shopware/platform (Composer), Mar 6, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Critical: GHSA-97m3-52wr-xvv2 was published for phenx/php-svg-lib (Composer), Feb 22, 2024
Deserialization of Untrusted Data in Torrentpier
Critical: CVE-2024-1651 was published for torrentpier/torrentpier (Composer), Feb 20, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Critical: CVE-2024-25108 was published for pixelfed/pixelfed (Composer), Feb 12, 2024
Blind SQL injection in shopware
Critical: CVE-2024-22406 was published for shopware/core (Composer), Jan 17, 2024
Drupal Improper Access Control
Critical: CVE-2019-6342 was published for drupal/core (Composer), Jan 11, 2024
WWBN AVideo Insufficient Entropy vulnerability
Critical: CVE-2023-49599 was published for wwbn/avideo (Composer), Jan 10, 2024
plotly.js prototype pollution vulnerability
Critical: CVE-2023-46308 was published for plotly.js (Composer), Jan 3, 2024