GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (count per ecosystem):
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34

Unreviewed advisories:
All unreviewed: 5,000+
4,023 advisories
Advisory | Severity | Identifier | Package (ecosystem) | Published
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms | Moderate | CVE-2024-37297 | woocommerce/woocommerce (Composer) | Jun 12, 2024
Moodle CSRF risk in analytics management of models | High | CVE-2024-34008 | moodle/moodle (Composer) | May 31, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability | Critical | CVE-2024-34102 | magento/community-edition (Composer) | Jun 13, 2024
Duplicate Advisory: Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting | Moderate | GHSA-52jw-f3jq-hhwg | auth0/wordpress (Composer) | Jul 10, 2024 (withdrawn)
EGroupware mishandles an ORDER BY clause | Moderate | CVE-2024-40614 | egroupware/egroupware (Composer) | Jul 7, 2024
Reflected Cross-site Scripting in yiisoft/yii2 Debug mode | Moderate | CVE-2024-32877 | yiisoft/yii2 (Composer) | Jun 2, 2024
Shopware database password is leaked to unauthenticated users | High | CVE-2020-13997 | shopware/core (Composer) | May 24, 2022
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services | Low | CVE-2024-39324 | aimeos/ai-admin-graphql (Composer) | Jul 2, 2024
Moodle broken access control when setting calendar event type | Moderate | CVE-2024-33996 | moodle/moodle (Composer) | May 31, 2024
Moodle CSRF risk in admin preset tool management of presets | High | CVE-2024-34001 | moodle/moodle (Composer) | May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments | Moderate | CVE-2024-34003 | moodle/moodle (Composer) | May 31, 2024
Moodle Unsanitized HTML in site log for config_log_created | Moderate | CVE-2024-34006 | moodle/moodle (Composer) | May 31, 2024
Reportico Web fails to invalidate cookies upon logout | Moderate | CVE-2024-31556 | reportico-web/reportico (Composer) | May 14, 2024
ai-controller-frontend payment status in basket isn't reset | Moderate | CVE-2024-39325 | aimeos/ai-controller-frontend (Composer) | Jul 5, 2024
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records | Moderate | CVE-2024-39322 | aimeos/ai-admin-jsonadm (Composer) | Jul 2, 2024
Drupal Core Remote Code Execution Vulnerability | Critical | CVE-2018-7602 | drupal/core (Composer) | Apr 23, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account | High | CVE-2024-39323 | aimeos/ai-admin-graphql (Composer) | Jul 2, 2024
Cross site scripting in opencart | Moderate | CVE-2024-21516 | opencart/opencart (Composer) | Jun 22, 2024
Zenario uses Twig filters insecurely in the Twig Snippet plugin | Critical | CVE-2024-34461 | tribalsystems/zenario (Composer) | May 4, 2024
Exposure of Resource to Wrong Sphere in ThinkPHP Framework | High | CVE-2022-25481 | topthink/framework (Composer) | Mar 22, 2022
Firefly III vulnerable to stored XSS | Moderate | CVE-2019-13644 | grumpydictator/firefly-iii (Composer) | May 24, 2022
Lavalite CMS Cross Site Scripting vulnerability | Moderate | CVE-2024-31828 | lavalite/cms (Composer) | Apr 27, 2024
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder | High | CVE-2021-27916 | mautic/core (Composer) | Apr 12, 2024
Moodle BigBlueButton web service leaks meeting joining information | Moderate | CVE-2024-38273 | moodle/moodle (Composer) | Jun 18, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header | Low | CVE-2024-25637 | october/system (Composer) | Jun 26, 2024
Advisories are also available from the GraphQL API.