GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,274 advisories
Filter by severity
Redaxo Core CMS Cross Site Scripting (XSS)
Moderate
CVE-2024-50803
was published
for
redaxo/source
(Composer)
Nov 19, 2024
CSRF leading to delete account in wallabag/wallabag
Moderate
CVE-2023-0737
was published
for
wallabag/wallabag
(Composer)
Nov 15, 2024
Cross Site Scripting vulnerability in Snipe-IT
High
CVE-2024-51093
was published
for
snipe/snipe-it
(Composer)
Nov 12, 2024
moodle: Some users can delete audiences of other reports
Moderate
CVE-2024-48898
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Moodle leaks user names
Moderate
CVE-2024-48896
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-48917
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Critical
CVE-2021-3902
was published
for
dompdf/dompdf
(Composer)
Nov 15, 2024
Deserialization of Untrusted Data in dompdf/dompdf
Critical
CVE-2021-3838
was published
for
dompdf/dompdf
(Composer)
Nov 15, 2024
FileManager Deserialization of Untrusted Data vulnerability
High
CVE-2024-52306
was published
for
backpack/filemanager
(Composer)
Nov 13, 2024
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
Mautic has insufficient authentication in upgrade flow
Moderate
CVE-2024-47051
was published
for
mautic/core
(Composer)
Sep 18, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
Moderate
CVE-2024-45592
was published
for
damienharper/auditor-bundle
(Composer)
Sep 10, 2024
Shopware vulnerable to blind SQL-injection in DAL aggregations
Moderate
CVE-2024-42357
was published
for
shopware/core
(Composer)
Aug 8, 2024
ICEcoder vulnerable to Cross Site Scripting
High
CVE-2024-41374
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting
High
CVE-2024-41375
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
High
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
ProcessWire Cross Site Request Forgery vulnerability
Low
CVE-2024-41597
was published
for
processwire/processwire
(Composer)
Jul 19, 2024
Automad arbitrary file upload vulnerability
High
CVE-2024-40400
was published
for
automad/automad
(Composer)
Jul 19, 2024
EGroupware mishandles an ORDER BY clause
High
CVE-2024-40614
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2024
Arbitrary File Creation in opencart
High
CVE-2024-21519
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Moodle HTTP authorization header is preserved between "emulated redirects"
Moderate
CVE-2024-38275
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Magento Open Source Improper Authentication vulnerability
Critical
CVE-2024-34103
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
High
CVE-2024-34005
was published
for
moodle/moodle
(Composer)
May 31, 2024
SQL Injection vulnerability in Reportico Till
High
CVE-2023-47438
was published
for
reportico-web/reportico
(Composer)
Mar 28, 2024
Cross-Site Request Forgery in Anchor CMS
Moderate
CVE-2024-29338
was published
for
anchorcms/anchor-cms
(Composer)
Mar 22, 2024
ProTip!
Advisories are also available from the
GraphQL API