Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

4,023 advisories

Loading
Pimcore vulnerable to disclosure of system and database information behind /admin firewall Moderate
CVE-2024-41109 was published for pimcore/admin-ui-classic-bundle (Composer) Jul 30, 2024
mysliwietzflorian
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting Moderate
CVE-2023-6813 was published for auth0/wordpress (Composer) Jul 11, 2024
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
iBotPeaches rob006
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget Moderate
CVE-2024-39318 was published for ibexa/admin-ui (Composer) Jul 31, 2024
4rdr
PrivateBin allows shortening of URLs for other domains Moderate
CVE-2024-39899 was published for privatebin/privatebin (Composer) Jul 10, 2024
nbxiglk0
Silverstripe uses TinyMCE which allows svg files linked in object tags Moderate
GHSA-52cw-pvq9-9m5v was published for silverstripe/framework (Composer) Jul 17, 2024
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload Moderate
CVE-2024-32981 was published for silverstripe/framework (Composer) Jul 17, 2024
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget Moderate
GHSA-gc5h-6jx9-q2qh was published for ezsystems/ezplatform-admin-ui (Composer) Jul 31, 2024
4rdr
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability Moderate
CVE-2024-38874 was published for jweiland/events2 (Composer) Jun 21, 2024
iepn
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass Moderate
CVE-2024-38873 was published for studiomitte/friendlycaptcha (Composer) Jun 21, 2024
Cross-site Scripting in Backdrop CMS Moderate
CVE-2023-31045 was published for backdrop/backdrop (Composer) Apr 24, 2023
Bagisto Cross-Site Request Forgery vulnerability High
CVE-2023-36237 was published for bagisto/bagisto (Composer) Feb 27, 2024
ICEcoder vulnerable to Cross Site Scripting Moderate
CVE-2024-41374 was published for icecoder/icecoder (Composer) Jul 26, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
ICEcoder Path Traversal vulnerability Moderate
CVE-2024-41373 was published for icecoder/icecoder (Composer) Jul 26, 2024
Bagist Cross-site Scripting vulnerability Moderate
CVE-2024-27499 was published for bagisto/bagisto (Composer) Mar 1, 2024
phpseclib a large prime can cause a denial of service High
CVE-2024-27354 was published for phpseclib/phpseclib (Composer) Mar 2, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments Moderate
CVE-2024-34005 was published for moodle/moodle (Composer) May 31, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint Critical
CVE-2024-37843 was published for craftcms/cms (Composer) Jun 25, 2024
openCart Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-40420 was published for opencart/opencart (Composer) Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API