GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,436 advisories
Filter by severity
Drupal Full Path Disclosure
Moderate
CVE-2024-45440
was published
for
drupal/core
(Composer)
Aug 29, 2024
Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting
Moderate
CVE-2023-28604
was published
for
sitegeist/fluid-components
(Composer)
Mar 27, 2023
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
Moderate
CVE-2024-46998
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
Moderate
CVE-2024-46996
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
Cross site scripting in ameos_tarteaucitron
Moderate
CVE-2022-33155
was published
for
ameos/ameos_tarteaucitron
(Composer)
Jul 13, 2022
Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
Moderate
CVE-2024-49762
was published
for
pterodactyl/panel
(Composer)
Oct 24, 2024
ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups
Moderate
CVE-2024-47173
was published
for
aimeos/ai-admin-graphql
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
Moderate
CVE-2024-46995
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
Moderate
CVE-2024-46994
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Moderate
CVE-2024-24751
was published
for
derhansen/sf_event_mgt
(Composer)
Feb 13, 2024
Cross-site Scripting via uploaded SVG
Moderate
CVE-2024-47618
was published
for
sulu/sulu
(Composer)
Oct 3, 2024
Path traversal in redaxo
Moderate
CVE-2024-46212
was published
for
redaxo/source
(Composer)
Oct 16, 2024
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Moderate
CVE-2024-24752
was published
for
bref/bref
(Composer)
Feb 1, 2024
Injection of arbitrary HTML/JavaScript code through the media download URL
Moderate
CVE-2024-47617
was published
for
sulu/sulu
(Composer)
Oct 3, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Moderate
CVE-2024-45291
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
LimeSurvey Cross Site Scripting vulnerability
Moderate
CVE-2024-28710
was published
for
limesurvey/limesurvey
(Composer)
Oct 7, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45131
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45128
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45116
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Input Validation vulnerability
Moderate
CVE-2024-45117
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45130
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45121
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45122
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45127
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45123
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
ProTip!
Advisories are also available from the
GraphQL API