GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,140 advisories
Filter by severity
Appwrite Directory Traversal vulnerability
High
CVE-2022-25377
was published
for
appwrite/server-ce
(Composer)
Feb 23, 2024
Withdrawn Advisory: Kirby CMS HTML injection vulnerability
High
CVE-2024-26482
was published
for
getkirby/cms
(Composer)
Feb 22, 2024
•
withdrawn
Pimcore Host Header Injection in user invitation link
High
CVE-2024-25625
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 20, 2024
MantisBT Host Header Injection vulnerability
High
CVE-2024-23830
was published
for
mantisbt/mantisbt
(Composer)
Feb 20, 2024
Uncontrolled Resource Consumption in moodle
High
CVE-2024-25978
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
Code injection in REDAXO
High
CVE-2024-25298
was published
for
redaxo/source
(Composer)
Feb 17, 2024
TYPO3 Install Tool vulnerable to Code Execution
High
CVE-2024-22188
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
October CMS Cross-site Scripting vulnerability
High
CVE-2023-25365
was published
for
october/october
(Composer)
Feb 9, 2024
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
High
CVE-2024-24821
was published
for
composer/composer
(Composer)
Feb 8, 2024
PHPMailer Shell command injection
High
CVE-2007-3215
was published
for
phpmailer/phpmailer
(Composer)
Feb 2, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link
High
CVE-2024-24570
was published
for
statamic/cms
(Composer)
Feb 1, 2024
livewire Cross-Site Request Forgery vulnerability
High
CVE-2024-22859
was published
for
livewire/livewire
(Composer)
Feb 1, 2024
•
withdrawn
Arbitrary Code Execution in Processwire
High
CVE-2023-24676
was published
for
processwire/processwire
(Composer)
Jan 24, 2024
Host header injection in the password reset
High
CVE-2024-23648
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
SQL Injection in Admin download files as zip
High
CVE-2024-23646
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jan 24, 2024
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
High
CVE-2023-49810
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
Froxlor username/surname AND company field Bypass
High
CVE-2023-50256
was published
for
froxlor/froxlor
(Composer)
Jan 4, 2024
PrestaShop some attribute not escaped in Validate::isCleanHTML method
High
CVE-2024-21627
was published
for
prestashop/prestashop
(Composer)
Jan 3, 2024
MainWP Dashboard SQL Command Injection vulnerability
High
CVE-2023-38519
was published
for
mainwp/mainwp
(Composer)
Dec 20, 2023
Configuration Injection in extension "Direct Mail" (direct_mail)
High
CVE-2023-50461
was published
for
directmailteam/direct-mail
(Composer)
Dec 13, 2023
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
High
GHSA-9j5w-2cqc-cwj9
was published
for
openmage/magento-lts
(Composer)
Dec 8, 2023
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
High
CVE-2023-48122
was published
for
microweber/microweber
(Composer)
Dec 8, 2023
ThinkAdmin arbitrary file upload vulnerability
High
CVE-2023-48966
was published
for
zoujingli/thinkadmin
(Composer)
Dec 4, 2023
ProTip!
Advisories are also available from the
GraphQL API