GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,477
Composer 3,978
Erlang 29
GitHub Actions 16
Go 1,768
Maven 4,991
npm 3,537
NuGet 616
pip 3,107
Pub 10
RubyGems 837
Rust 786
Swift 34

Unreviewed advisories

All unreviewed 222,644

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

2,289 advisories

Filter by severity

Sort by

Least recently updated

CVE-2023-6813 was published for auth0/wordpress (Composer) Jul 11, 2024

PrivateBin allows shortening of URLs for other domains Moderate

CVE-2024-39899 was published for privatebin/privatebin (Composer) Jul 10, 2024

Duplicate Advisory: Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting Moderate

GHSA-52jw-f3jq-hhwg was published for auth0/wordpress (Composer) Jul 10, 2024 • withdrawn

EGroupware mishandles an ORDER BY clause Moderate

CVE-2024-40614 was published for egroupware/egroupware (Composer) Jul 7, 2024

ai-controller-frontend payment status in basket isn't reset Moderate

CVE-2024-39325 was published for aimeos/ai-controller-frontend (Composer) Jul 5, 2024

ShopXO Server-Side Request Forgery Vulnerability Moderate

CVE-2024-6524 was published for shopxo/shopxo (Composer) Jul 5, 2024

aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records Moderate

CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) Jul 2, 2024

Arbitrary File Creation in opencart Moderate

CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024

Cross site scripting in opencart Moderate

CVE-2024-21515 was published for opencart/opencart (Composer) Jun 22, 2024

Cross site scripting in opencart Moderate

CVE-2024-21517 was published for opencart/opencart (Composer) Jun 22, 2024

Cross site scripting in opencart Moderate

CVE-2024-21516 was published for opencart/opencart (Composer) Jun 22, 2024

events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability Moderate

CVE-2024-38874 was published for jweiland/events2 (Composer) Jun 21, 2024

FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass Moderate

CVE-2024-38873 was published for studiomitte/friendlycaptcha (Composer) Jun 21, 2024

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate

CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate

CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024

Moodle BigBlueButton web service leaks meeting joining information Moderate

CVE-2024-38273 was published for moodle/moodle (Composer) Jun 18, 2024

Moodle uses the same key for QR login and auto-login Moderate

CVE-2024-38277 was published for moodle/moodle (Composer) Jun 18, 2024

Moodle stored XSS via calendar's event title when deleting the event Moderate

CVE-2024-38274 was published for moodle/moodle (Composer) Jun 18, 2024

Moodle CSRF risks due to misuse of confirm_sesskey Moderate

CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024

Firefly III has a MFA bypass in oauth flow Moderate

CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024

WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms Moderate

CVE-2024-37297 was published for woocommerce/woocommerce (Composer) Jun 12, 2024

ua-parser/uap-php ReDoS vulnerability Moderate

GHSA-78hm-5hjw-58mh was published for ua-parser/uap-php (Composer) Jun 7, 2024

Zend-developer-tools information disclosure vulnerability Moderate

GHSA-qg7m-mwxm-j3h7 was published for zendframework/zend-developer-tools (Composer) Jun 7, 2024

Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed Moderate

GHSA-4vf6-mq7w-3hp6 was published for zendframework/zendframework1 (Composer) Jun 7, 2024

Zend-Diactoros URL Rewrite vulnerability Moderate

GHSA-fq4p-86hh-42v9 was published for zendframework/zend-diactoros (Composer) Jun 7, 2024

Previous 1 2 3 4 5 … 91 92 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,289 advisories