GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,961
Composer 4,055
Erlang 29
GitHub Actions 19
Go 1,889
Maven 5,076
npm 3,605
NuGet 638
pip 3,208
Pub 10
RubyGems 852
Rust 816
Swift 35

Unreviewed advisories

All unreviewed 227,357

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

2,329 advisories

Filter by severity

Sort by

Least recently updated

Craft CMS vulnerable to stored XSS in breadcrumb list and title fields Moderate

CVE-2024-45406 was published for craftcms/cms (Composer) Sep 9, 2024

Httpful is Missing Certificate Validation Moderate

GHSA-gcfg-hmwx-wq5h was published for nategood/httpful (Composer) Sep 9, 2024

Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate

CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024

SQL Injection vulnerability in Reportico Till Moderate

CVE-2023-47438 was published for reportico-web/reportico (Composer) Mar 28, 2024

PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information Moderate

CVE-2024-45046 was published for phpoffice/phpspreadsheet (Composer) Aug 29, 2024

FeehiCMS User[avatar] unrestricted upload Moderate

CVE-2024-8296 was published for feehi/cms (Composer) Aug 29, 2024

FeehiCMS BannerForm[img] unrestricted upload Moderate

CVE-2024-8295 was published for feehi/cms (Composer) Aug 29, 2024

FeehiCMS file upload vulnerability Moderate

CVE-2024-8294 was published for feehi/cms (Composer) Aug 29, 2024

"powermail" (powermail) Insecure Direct Object Reference (IDOR) Moderate

CVE-2024-45232 was published for in2code/powermail (Composer) Aug 29, 2024

Powermail TYPO3 extension Broken Access Control in the OutputController Moderate

CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024

Automad Cross-site Scripting vulnerability Moderate

CVE-2024-40111 was published for automad/automad (Composer) Aug 23, 2024 • withdrawn

Withdrawn Advisory: Unrestricted File Upload affecting automad Moderate

CVE-2023-7036 was published for automad/automad (Composer) Dec 21, 2023 • withdrawn

Bolt CMS Cross-site Scripting vulnerability Moderate

CVE-2024-7300 was published for bolt/bolt (Composer) Jul 31, 2024

Automad arbitrary file upload vulnerability Moderate

CVE-2024-40400 was published for automad/automad (Composer) Jul 19, 2024

TCPDF Cross-site Scripting vulnerability Moderate

CVE-2024-32489 was published for tecnickcom/tcpdf (Composer) Apr 15, 2024

Cross-Site Request Forgery (CSRF) in automad/automad Moderate

CVE-2023-7038 was published for automad/automad (Composer) Dec 21, 2023

Cross site scripting in automad/automad Moderate

CVE-2021-37502 was published for automad/automad (Composer) Feb 3, 2023

ThinkPHP Cross-Site Scripting Vulnerability Moderate

CVE-2024-34467 was published for topthink/framework (Composer) May 4, 2024

Enhavo Cross-site Scripting vulnerability Moderate

CVE-2024-25875 was published for enhavo/enhavo-app (Composer) Feb 22, 2024

Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate

CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024

Cross site scripting in moodle Moderate

CVE-2024-29374 was published for moodle/moodle (Composer) Mar 21, 2024

Duplicate Advisory: Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field Moderate

GHSA-w879-mxj5-c3wf was published for getkirby/cms (Composer) Feb 22, 2024 • withdrawn

Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api Moderate

CVE-2024-42354 was published for shopware/core (Composer) Aug 8, 2024

Pimcore vulnerable to disclosure of system and database information behind /admin firewall Moderate

CVE-2024-41109 was published for pimcore/admin-ui-classic-bundle (Composer) Jul 30, 2024

EGroupware mishandles an ORDER BY clause Moderate

CVE-2024-40614 was published for egroupware/egroupware (Composer) Jul 7, 2024

Previous 1 2 3 4 5 … 93 94 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,329 advisories