GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,261
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,729
NuGet
662
pip
3,407
Pub
12
RubyGems
890
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,146 advisories
Filter by severity
raspap-webgui vulnerable to denial of service
High
CVE-2024-28754
was published
for
billz/raspap-webgui
(Composer)
Mar 9, 2024
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
High
GHSA-h6j3-j35f-v2x7
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 6, 2024
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
High
GHSA-xc7j-wj36-qjfr
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 6, 2024
phpseclib a large prime can cause a denial of service
High
CVE-2024-27354
was published
for
phpseclib/phpseclib
(Composer)
Mar 2, 2024
phpseclib does not properly limit the ASN1 OID length
High
CVE-2024-27355
was published
for
phpseclib/phpseclib
(Composer)
Mar 2, 2024
Bagisto Cross-Site Request Forgery vulnerability
High
CVE-2023-36237
was published
for
bagisto/bagisto
(Composer)
Feb 27, 2024
Appwrite Directory Traversal vulnerability
High
CVE-2022-25377
was published
for
appwrite/server-ce
(Composer)
Feb 23, 2024
Withdrawn Advisory: Kirby CMS HTML injection vulnerability
High
CVE-2024-26482
was published
for
getkirby/cms
(Composer)
Feb 22, 2024
•
withdrawn
Pimcore Host Header Injection in user invitation link
High
CVE-2024-25625
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 20, 2024
MantisBT Host Header Injection vulnerability
High
CVE-2024-23830
was published
for
mantisbt/mantisbt
(Composer)
Feb 20, 2024
Uncontrolled Resource Consumption in moodle
High
CVE-2024-25978
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
Code injection in REDAXO
High
CVE-2024-25298
was published
for
redaxo/source
(Composer)
Feb 17, 2024
TYPO3 Install Tool vulnerable to Code Execution
High
CVE-2024-22188
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
October CMS Cross-site Scripting vulnerability
High
CVE-2023-25365
was published
for
october/october
(Composer)
Feb 9, 2024
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
High
CVE-2024-24821
was published
for
composer/composer
(Composer)
Feb 8, 2024
PHPMailer Shell command injection
High
CVE-2007-3215
was published
for
phpmailer/phpmailer
(Composer)
Feb 2, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link
High
CVE-2024-24570
was published
for
statamic/cms
(Composer)
Feb 1, 2024
livewire Cross-Site Request Forgery vulnerability
High
CVE-2024-22859
was published
for
livewire/livewire
(Composer)
Feb 1, 2024
•
withdrawn
Arbitrary Code Execution in Processwire
High
CVE-2023-24676
was published
for
processwire/processwire
(Composer)
Jan 24, 2024
Host header injection in the password reset
High
CVE-2024-23648
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
SQL Injection in Admin download files as zip
High
CVE-2024-23646
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
High
CVE-2023-49810
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
Froxlor username/surname AND company field Bypass
High
CVE-2023-50256
was published
for
froxlor/froxlor
(Composer)
Jan 4, 2024
ProTip!
Advisories are also available from the
GraphQL API