GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,384 advisories
Filter by severity
ICEcoder vulnerable to Cross Site Scripting
Moderate
CVE-2024-41375
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
Moderate
CVE-2024-47069
was published
for
oveleon/contao-cookiebar
(Composer)
Jul 26, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
Moderate
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
Moderate
CVE-2024-41709
was published
for
backdrop/backdrop
(Composer)
Jul 22, 2024
ProcessWire Cross Site Request Forgery vulnerability
Moderate
CVE-2024-41597
was published
for
processwire/processwire
(Composer)
Jul 19, 2024
Automad arbitrary file upload vulnerability
Moderate
CVE-2024-40400
was published
for
automad/automad
(Composer)
Jul 19, 2024
Silverstripe uses TinyMCE which allows svg files linked in object tags
Moderate
GHSA-52cw-pvq9-9m5v
was published
for
silverstripe/framework
(Composer)
Jul 17, 2024
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Moderate
CVE-2024-32981
was published
for
silverstripe/framework
(Composer)
Jul 17, 2024
Silverstripe Reports are still accessible even when `canView()` returns false
Moderate
CVE-2024-29885
was published
for
silverstripe/reports
(Composer)
Jul 17, 2024
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Moderate
CVE-2024-39912
was published
for
web-auth/webauthn-framework
(Composer)
Jul 15, 2024
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Moderate
CVE-2023-6813
was published
for
auth0/wordpress
(Composer)
Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
PrivateBin allows shortening of URLs for other domains
Moderate
CVE-2024-39899
was published
for
privatebin/privatebin
(Composer)
Jul 10, 2024
Duplicate Advisory: Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Moderate
GHSA-52jw-f3jq-hhwg
was published
for
auth0/wordpress
(Composer)
Jul 10, 2024
•
withdrawn
EGroupware mishandles an ORDER BY clause
Moderate
CVE-2024-40614
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2024
ai-controller-frontend payment status in basket isn't reset
Moderate
CVE-2024-39325
was published
for
aimeos/ai-controller-frontend
(Composer)
Jul 5, 2024
ShopXO Server-Side Request Forgery Vulnerability
Moderate
CVE-2024-6524
was published
for
shopxo/shopxo
(Composer)
Jul 5, 2024
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Moderate
CVE-2024-39322
was published
for
aimeos/ai-admin-jsonadm
(Composer)
Jul 2, 2024
Arbitrary File Creation in opencart
Moderate
CVE-2024-21519
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Cross site scripting in opencart
Moderate
CVE-2024-21516
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Cross site scripting in opencart
Moderate
CVE-2024-21515
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Cross site scripting in opencart
Moderate
CVE-2024-21517
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate
CVE-2024-38874
was published
for
jweiland/events2
(Composer)
Jun 21, 2024
ProTip!
Advisories are also available from the
GraphQL API