Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

460 advisories

Loading
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
Propel2 SQL injection possible with limit() on MySQL Critical
GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) May 20, 2024
Flow Swift Mailer package Remote code execution Critical
GHSA-rq6q-hjvh-5mwh was published for neos/swiftmailer (Composer) May 17, 2024
namshi/jose - Verification bypass Critical
GHSA-4rr6-gf59-ggw5 was published for namshi/jose (Composer) May 17, 2024
Magento Broken authentication and session managememt Critical
CVE-2019-8149 was published for magento/community-edition (Composer) May 24, 2022
Wikimedia MediaWiki Incorrect Access Control vulnerability Critical
CVE-2019-12468 was published for mediawiki/core (Composer) May 24, 2022
Magento RCE,XSS and other vulnerabilities Critical
GHSA-8j7c-682x-r9f2 was published for magento/community-edition (Composer) May 15, 2024
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities Critical
GHSA-5gmh-85x8-5cx7 was published for magento/community-edition (Composer) May 15, 2024
Magento Open Source Security Advisory: Patch SUPEE-10975 Critical
GHSA-cv25-3pxr-4q7x was published for magento/community-edition (Composer) May 15, 2024
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability Critical
GHSA-26hq-7286-mg8f was published for magento/community-edition (Composer) May 15, 2024
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities Critical
GHSA-6wm4-3rjj-c8xx was published for magento/community-edition (Composer) May 15, 2024
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities Critical
GHSA-prpf-cj87-hwvr was published for magento/community-edition (Composer) May 15, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-qm5c-m76r-2hfr was published for laravel/framework (Composer) May 15, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer) May 15, 2024
gree/jose - "None" Algorithm treated as valid in tokens Critical
GHSA-9gxv-x7rp-r2hc was published for gree/jose (Composer) May 15, 2024
firebase/php-jwt: "None" Algorithm treated as valid on tokens Critical
GHSA-h533-5v22-8vcp was published for firebase/php-jwt (Composer) May 15, 2024
Variable Tampering within joomla/input class Critical
CVE-2022-23799 was published for joomla/input (Composer) Mar 31, 2022
Drupal core Remote Code Execution Critical
GHSA-jf8c-36vw-98x4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer) May 15, 2024
Doctrine SQL injection vulnerability Critical
GHSA-6q9v-4hq6-5m67 was published for doctrine/orm (Composer) May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution Critical
GHSA-wxxw-5gq6-j2g5 was published for contao/core (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API