GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem:

| Ecosystem | Reviewed advisories |
|---|---|
| All reviewed | 5,000+ |
| Composer | 4,023 |
| Erlang | 29 |
| GitHub Actions | 16 |
| Go | 1,830 |
| Maven | 5,000+ |
| npm | 3,573 |
| NuGet | 632 |
| pip | 3,156 |
| Pub | 10 |
| RubyGems | 847 |
| Rust | 796 |
| Swift | 34 |

Unreviewed advisories: all unreviewed, 5,000+.

4,023 advisories
| Advisory | Severity | Identifier | Package (ecosystem) | Published |
|---|---|---|---|---|
| Dolibarr ERP CRM vulnerable to remote code execution (RCE) | Moderate | CVE-2024-40137 | dolibarr/dolibarr (Composer) | Jul 24, 2024 |
| RaspAP allows an attacker to escalate privileges | Critical | CVE-2024-41637 | billz/raspap-webgui (Composer) | Jul 29, 2024 |
| Winter CMS Server-Side Template Injection (SSTI) vulnerability | High | CVE-2024-29686 | wintercms/winter (Composer) | Mar 29, 2024 |
| Moodle ReCAPTCHA can be bypassed on the login page | High | CVE-2024-34009 | moodle/moodle (Composer) | May 31, 2024 |
| Cross-Site Request Forgery in Anchor CMS | High | CVE-2024-29338 | anchorcms/anchor-cms (Composer) | Mar 22, 2024 |
| Webtrees Path Traversal vulnerability | Moderate | CVE-2024-22723 | fisharebest/webtrees (Composer) | Feb 28, 2024 |
| ICEcoder vulnerable to Cross Site Scripting | Moderate | CVE-2024-41375 | icecoder/icecoder (Composer) | Jul 26, 2024 |
| TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option | Moderate | CVE-2024-38356 | TinyMCE (Composer) | Jun 19, 2024 |
| Moodle HTTP authorization header is preserved between "emulated redirects" | High | CVE-2024-38275 | moodle/moodle (Composer) | Jun 18, 2024 |
| TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements | Moderate | CVE-2024-38357 | TinyMCE (Composer) | Jun 19, 2024 |
| Dolibarr arbitrary file upload vulnerability | High | CVE-2024-37821 | dolibarr/dolibarr (Composer) | Jun 18, 2024 |
| Zip slip in opencart | High | CVE-2024-21518 | opencart/opencart (Composer) | Jun 22, 2024 |
| The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames | Moderate | CVE-2024-39912 | web-auth/webauthn-framework (Composer) | Jul 15, 2024 |
| TorrentPier Deserialization of Untrusted Data vulnerability | Critical | CVE-2024-40624 | torrentpier/torrentpier (Composer) | Jul 15, 2024 |
| Moodle stored XSS via calendar's event title when deleting the event | Moderate | CVE-2024-38274 | moodle/moodle (Composer) | Jun 18, 2024 |
| Moodle CSRF risks due to misuse of confirm_sesskey | Moderate | CVE-2024-38276 | moodle/moodle (Composer) | Jun 18, 2024 |
| Moodle uses the same key for QR login and auto-login | Moderate | CVE-2024-38277 | moodle/moodle (Composer) | Jun 18, 2024 |
| Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places | Moderate | CVE-2024-41709 | backdrop/backdrop (Composer) | Jul 22, 2024 |
| Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar | Moderate | GHSA-296q-rj83-g9rq | oveleon/contao-cookiebar (Composer) | Jul 26, 2024 |
| Arbitrary File Creation in opencart | Moderate | CVE-2024-21519 | opencart/opencart (Composer) | Jun 22, 2024 |
| Craft CMS Allows TOTP Token To Stay Valid After Use | Moderate | CVE-2024-41800 | craftcms/cms (Composer) | Jul 25, 2024 |
| XSS vulnerability that affects bootstrap | Moderate | CVE-2018-20676 | bootstrap (RubyGems) | Jan 17, 2019 |
| Bootstrap Cross-site Scripting vulnerability | Moderate | CVE-2016-10735 | bootstrap (RubyGems) | Jan 17, 2019 |
| Bootstrap Cross-site Scripting vulnerability | Moderate | CVE-2018-14042 | bootstrap (RubyGems) | Sep 13, 2018 |
| bootstrap Cross-site Scripting vulnerability | Moderate | CVE-2018-20677 | bootstrap (RubyGems) | Jan 17, 2019 |
Advisories are also available from the GraphQL API.