GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,028
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,157
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,028 advisories
Filter by severity
Moodle ReCAPTCHA can be bypassed on the login page
High
CVE-2024-34009
was published
for
moodle/moodle
(Composer)
May 31, 2024
Winter CMS Server-Side Template Injection (SSTI) vulnerability
High
CVE-2024-29686
was published
for
wintercms/winter
(Composer)
Mar 29, 2024
RaspAP allows an attacker to escalate privileges
Critical
CVE-2024-41637
was published
for
billz/raspap-webgui
(Composer)
Jul 29, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
Moderate
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
High
CVE-2024-40420
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Critical
CVE-2024-37843
was published
for
craftcms/cms
(Composer)
Jun 25, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate
CVE-2024-34005
was published
for
moodle/moodle
(Composer)
May 31, 2024
phpseclib a large prime can cause a denial of service
High
CVE-2024-27354
was published
for
phpseclib/phpseclib
(Composer)
Mar 2, 2024
Bagist Cross-site Scripting vulnerability
Moderate
CVE-2024-27499
was published
for
bagisto/bagisto
(Composer)
Mar 1, 2024
ICEcoder Path Traversal vulnerability
Moderate
CVE-2024-41373
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting
Moderate
CVE-2024-41374
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
Bagisto Cross-Site Request Forgery vulnerability
High
CVE-2023-36237
was published
for
bagisto/bagisto
(Composer)
Feb 27, 2024
Cross-site Scripting in Backdrop CMS
Moderate
CVE-2023-31045
was published
for
backdrop/backdrop
(Composer)
Apr 24, 2023
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
Moderate
CVE-2024-38873
was published
for
studiomitte/friendlycaptcha
(Composer)
Jun 21, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate
CVE-2024-38874
was published
for
jweiland/events2
(Composer)
Jun 21, 2024
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Moderate
GHSA-gc5h-6jx9-q2qh
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Jul 31, 2024
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Moderate
CVE-2024-32981
was published
for
silverstripe/framework
(Composer)
Jul 17, 2024
Silverstripe uses TinyMCE which allows svg files linked in object tags
Moderate
GHSA-52cw-pvq9-9m5v
was published
for
silverstripe/framework
(Composer)
Jul 17, 2024
Silverstripe Reports are still accessible even when `canView()` returns false
Moderate
CVE-2024-29885
was published
for
silverstripe/reports
(Composer)
Jul 17, 2024
PrivateBin allows shortening of URLs for other domains
Moderate
CVE-2024-39899
was published
for
privatebin/privatebin
(Composer)
Jul 10, 2024
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Moderate
CVE-2024-39318
was published
for
ibexa/admin-ui
(Composer)
Jul 31, 2024
Unsafe Reflection in base Component class in yiisoft/yii2
High
CVE-2024-4990
was published
for
yiisoft/yii2
(Composer)
Jun 2, 2024
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Moderate
CVE-2023-6813
was published
for
auth0/wordpress
(Composer)
Jul 11, 2024
ProTip!
Advisories are also available from the
GraphQL API