GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,023 advisories

Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019
roka-actico
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Craft CMS Allows TOTP Token To Stay Valid After Use Moderate
CVE-2024-41800 was published for craftcms/cms (Composer) Jul 25, 2024
FabianTUW
Arbitrary File Creation in opencart Moderate
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar Moderate
GHSA-296q-rj83-g9rq was published for oveleon/contao-cookiebar (Composer) Jul 26, 2024
usdResponsibleDisclosure
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places Moderate
CVE-2024-41709 was published for backdrop/backdrop (Composer) Jul 22, 2024
Moodle uses the same key for QR login and auto-login Moderate
CVE-2024-38277 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle stored XSS via calendar's event title when deleting the event Moderate
CVE-2024-38274 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle CSRF risks due to misuse of confirm_sesskey Moderate
CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024
TorrentPier Deserialization of Untrusted Data vulnerability Critical
CVE-2024-40624 was published for torrentpier/torrentpier (Composer) Jul 15, 2024
swapgs
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames Moderate
CVE-2024-39912 was published for web-auth/webauthn-framework (Composer) Jul 15, 2024
marcriemer
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
Moodle HTTP authorization header is preserved between "emulated redirects" High
CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
ICEcoder vulnerable to Cross Site Scripting Moderate
CVE-2024-41375 was published for icecoder/icecoder (Composer) Jul 26, 2024
Webtrees Path Traversal vulnerability Moderate
CVE-2024-22723 was published for fisharebest/webtrees (Composer) Feb 28, 2024
Cross-Site Request Forgery in Anchor CMS High
CVE-2024-29338 was published for anchorcms/anchor-cms (Composer) Mar 22, 2024
Moodle ReCAPTCHA can be bypassed on the login page High
CVE-2024-34009 was published for moodle/moodle (Composer) May 31, 2024
Winter CMS Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-29686 was published for wintercms/winter (Composer) Mar 29, 2024
RaspAP allows an attacker to escalate privileges Critical
CVE-2024-41637 was published for billz/raspap-webgui (Composer) Jul 29, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE) Moderate
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
openCart Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-40420 was published for opencart/opencart (Composer) Jul 17, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint Critical
CVE-2024-37843 was published for craftcms/cms (Composer) Jun 25, 2024