GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,968 advisories
Filter by severity
Withdrawn Advisory: Subrion CMS vulnerable to SQL Injection
Moderate
CVE-2024-25400
was published
for
intelliants/subrion
(Composer)
Feb 27, 2024
•
withdrawn
Firefly III has a MFA bypass in oauth flow
Moderate
CVE-2024-37893
was published
for
grumpydictator/firefly-iii
(Composer)
Jun 17, 2024
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Critical
CVE-2024-34102
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
Moderate
CVE-2024-37297
was published
for
woocommerce/woocommerce
(Composer)
Jun 12, 2024
ThinkPHP Cross-Site Scripting Vulnerability
Moderate
CVE-2024-34467
was published
for
topthink/framework
(Composer)
May 4, 2024
TCPDF vulnerable to Regular Expression Denial of Service
Moderate
CVE-2024-22640
was published
for
tecnickcom/tcpdf
(Composer)
Apr 19, 2024
Digital products download without proper payment status check
Moderate
CVE-2024-37296
was published
for
aimeos/ai-client-html
(Composer)
Jun 5, 2024
Remote code execution in web server context
High
CVE-2024-37295
was published
for
aimeos/aimeos-core
(Composer)
Jun 5, 2024
Aimeos denial of service vulnerability in SaaS and marketplace setups
Moderate
CVE-2024-37294
was published
for
aimeos/aimeos-core
(Composer)
May 29, 2024
EC-CUBE vulnerable to authorization bypass
Moderate
CVE-2014-0808
was published
for
ec-cube/ec-cube
(Composer)
May 17, 2022
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Improper Authentication in CraftCMS two factor authentication plugin
Moderate
CVE-2024-5658
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Craft CMS discloses password hashes
High
CVE-2022-37783
was published
for
craftcms/cms
(Composer)
Dec 5, 2022
Laravel Framework RCE Vulnerability
High
CVE-2018-15133
was published
for
laravel/framework
(Composer)
May 14, 2022
formwork Cross-site scripting vulnerability in Markdown fields
Moderate
CVE-2024-35621
was published
for
getformwork/formwork
(Composer)
May 28, 2024
zfr authentication adapter did not verify validity of tokens
High
GHSA-rcm4-jv5g-wccm
was published
for
zfr/zfr-oauth2-server-module
(Composer)
Jun 7, 2024
ZendOpenID potential security issue in login mechanism
High
GHSA-3x57-m5p4-rgh4
was published
for
zendframework/zendopenid
(Composer)
Jun 7, 2024
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Critical
GHSA-6fqw-j3vm-7f66
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-848f-mph5-9pm9
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability
High
GHSA-8xhv-gqm4-3w99
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Critical
GHSA-v42g-7q2x-cw32
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
High
GHSA-mg4x-prh7-g4mx
was published
for
zendframework/zend-captcha
(Composer)
Jun 7, 2024
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Critical
GHSA-2x36-qhx3-7m5f
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework potential security issue in login mechanism
High
GHSA-9v78-h226-2rmq
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical
GHSA-x86x-qhf8-f37w
was published
for
willdurand/js-translation-bundle
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API