GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,329 advisories
Filter by severity
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2024-41381
was published
for
microweber/microweber
(Composer)
Aug 5, 2024
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Moderate
CVE-2024-41676
was published
for
openmage/magento-lts
(Composer)
Jul 29, 2024
ProcessWire Cross Site Request Forgery vulnerability
Moderate
CVE-2024-41597
was published
for
processwire/processwire
(Composer)
Jul 19, 2024
Magento Open Source Incorrect Authorization vulnerability
Moderate
CVE-2024-34106
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-34105
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Moderate
CVE-2024-34111
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-34107
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
ShopXO Server-Side Request Forgery Vulnerability
Moderate
CVE-2024-6524
was published
for
shopxo/shopxo
(Composer)
Jul 5, 2024
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Moderate
CVE-2024-34349
was published
for
sylius/sylius
(Composer)
May 10, 2024
Microweber Reflected Cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-40101
was published
for
microweber/microweber
(Composer)
Aug 6, 2024
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2024-41380
was published
for
microweber/microweber
(Composer)
Aug 5, 2024
dcat-admin Cross Site Scripting vulnerability
Moderate
CVE-2024-29644
was published
for
dcat/laravel-admin
(Composer)
Mar 26, 2024
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Arbitrary File Creation in opencart
Moderate
CVE-2024-21519
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
Moderate
GHSA-296q-rj83-g9rq
was published
for
oveleon/contao-cookiebar
(Composer)
Jul 26, 2024
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
Moderate
CVE-2024-41709
was published
for
backdrop/backdrop
(Composer)
Jul 22, 2024
Moodle uses the same key for QR login and auto-login
Moderate
CVE-2024-38277
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Moodle CSRF risks due to misuse of confirm_sesskey
Moderate
CVE-2024-38276
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Moodle stored XSS via calendar's event title when deleting the event
Moderate
CVE-2024-38274
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Moderate
CVE-2024-39912
was published
for
web-auth/webauthn-framework
(Composer)
Jul 15, 2024
ProTip!
Advisories are also available from the
GraphQL API