Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,986
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,124
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,986 advisories

Loading
openCart Server-Side Template Injection (SSTI) vulnerability High
CVE-2024-40420 was published for opencart/opencart (Composer) Jul 17, 2024
Silverstripe uses TinyMCE which allows svg files linked in object tags Moderate
GHSA-52cw-pvq9-9m5v was published for silverstripe/framework (Composer) Jul 17, 2024
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload Moderate
CVE-2024-32981 was published for silverstripe/framework (Composer) Jul 17, 2024
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
TorrentPier Deserialization of Untrusted Data vulnerability Critical
CVE-2024-40624 was published for torrentpier/torrentpier (Composer) Jul 15, 2024
swapgs
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames Moderate
CVE-2024-39912 was published for web-auth/webauthn-framework (Composer) Jul 15, 2024
marcriemer
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting Moderate
CVE-2023-6813 was published for auth0/wordpress (Composer) Jul 11, 2024
PrivateBin allows shortening of URLs for other domains Moderate
CVE-2024-39899 was published for privatebin/privatebin (Composer) Jul 10, 2024
nbxiglk0
Duplicate Advisory: Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting Moderate
GHSA-52jw-f3jq-hhwg was published for auth0/wordpress (Composer) Jul 10, 2024 withdrawn
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
EGroupware mishandles an ORDER BY clause Moderate
CVE-2024-40614 was published for egroupware/egroupware (Composer) Jul 7, 2024
blitzdose
ai-controller-frontend payment status in basket isn't reset Moderate
CVE-2024-39325 was published for aimeos/ai-controller-frontend (Composer) Jul 5, 2024
ssshah2131
ShopXO Server-Side Request Forgery Vulnerability Moderate
CVE-2024-6524 was published for shopxo/shopxo (Composer) Jul 5, 2024
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records Moderate
CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) Jul 2, 2024
ssshah2131
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services Low
CVE-2024-39324 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account High
CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
Name confusion in x509 Subject Alternative Name fields High
CVE-2023-52892 was published for phpseclib/phpseclib (Composer) Jun 28, 2024
October System module has an Open Redirect for Administrator Accounts Low
CVE-2024-24764 was published for october/system (Composer) Jun 26, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header Low
CVE-2024-25637 was published for october/system (Composer) Jun 26, 2024
Craft CMS SQL injection vulnerability via the GraphQL API endpoint Critical
CVE-2024-37843 was published for craftcms/cms (Composer) Jun 25, 2024
Aimeos HTML client may potentially reveal sensitive information in error log High
CVE-2024-38516 was published for aimeos/ai-client-html (Composer) Jun 25, 2024
ssshah2131
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
Arbitrary File Creation in opencart Moderate
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21515 was published for opencart/opencart (Composer) Jun 22, 2024
ProTip! Advisories are also available from the GraphQL API