Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,049 advisories

Loading
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction High
GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) May 15, 2024
easyadmin-extension-bundle action case insensitivity High
GHSA-32rx-xvvr-4xv9 was published for alterphp/easyadmin-extension-bundle (Composer) May 15, 2024
pygmentize Remote Code Execution High
GHSA-77mv-mp2j-gxxh was published for 3f/pygmentize (Composer) May 15, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover High
CVE-2024-34082 was published for getgrav/grav (Composer) May 15, 2024
richighimi
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process High
CVE-2024-34077 was published for mantisbt/mantisbt (Composer) May 13, 2024
dregad redna-xela
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction High
CVE-2024-32480 was published for librenms/librenms (Composer) Apr 22, 2024
sco4x0
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS High
CVE-2024-32479 was published for librenms/librenms (Composer) Apr 22, 2024
rook1337
LibreNMS vulnerable to SQL injection time-based leads to database extraction High
CVE-2024-32461 was published for librenms/librenms (Composer) Apr 22, 2024
Louhan-dev
Dolibarr Application Home Page has HTML injection vulnerability High
CVE-2024-23817 was published for dolibarr/dolibarr (Composer) Apr 18, 2024
saimanikanta1992
Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
Mautic Sensitive Data Exposure due to inadequate user permission settings High
CVE-2022-25776 was published for mautic/core (Composer) Apr 12, 2024
lenonleite
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
timber/timber vulnerable to Deserialization of Untrusted Data High
CVE-2024-29800 was published for timber/timber (Composer) Apr 12, 2024
Sonicrrrr dennisenderink
Mautic vulnerable to stored cross-site scripting in description field High
CVE-2021-27915 was published for mautic/core (Composer) Apr 11, 2024
Contao: Possible cookie sharing with external domains while checking protected pages for broken links High
CVE-2024-28235 was published for contao/core-bundle (Composer) Apr 9, 2024
amphp/http-client Denial of Service via HTTP/2 CONTINUATION Frames High
GHSA-w8gf-g2vq-j2f4 was published for amphp/http-client (Composer) Apr 3, 2024
bartekn
AMPHP Denial of Service via HTTP/2 CONTINUATION Frames High
CVE-2024-2653 was published for amphp/http (Composer) Apr 3, 2024
bartekn
UVDesk Community Helpdesk Improper Privilege Management High
CVE-2024-3137 was published for uvdesk/core-framework (Composer) Apr 2, 2024
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23115 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23118 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23119 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23116 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability High
CVE-2024-0637 was published for centreon/centreon (Composer) Apr 2, 2024
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability High
CVE-2024-23117 was published for centreon/centreon (Composer) Apr 2, 2024
ProTip! Advisories are also available from the GraphQL API