Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,967 advisories

Loading
Arbitrary File Creation in opencart Moderate
CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
Moodle stored XSS via calendar's event title when deleting the event Moderate
CVE-2024-38274 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle uses the same key for QR login and auto-login Moderate
CVE-2024-38277 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle CSRF risks due to misuse of confirm_sesskey Moderate
CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024
Moodle BigBlueButton web service leaks meeting joining information Moderate
CVE-2024-38273 was published for moodle/moodle (Composer) Jun 18, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header Low
CVE-2024-25637 was published for october/system (Composer) Jun 26, 2024
October System module has an Open Redirect for Administrator Accounts Low
CVE-2024-24764 was published for october/system (Composer) Jun 26, 2024
Aimeos HTML client may potentially reveal sensitive information in error log High
CVE-2024-38516 was published for aimeos/ai-client-html (Composer) Jun 25, 2024
ssshah2131
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass Moderate
CVE-2024-38873 was published for studiomitte/friendlycaptcha (Composer) Jun 21, 2024
Cross site scripting in opencart Moderate
CVE-2024-21517 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21516 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21515 was published for opencart/opencart (Composer) Jun 22, 2024
SQL injection in opencart High
CVE-2024-21514 was published for opencart/opencart (Composer) Jun 22, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability Moderate
CVE-2024-38874 was published for jweiland/events2 (Composer) Jun 21, 2024
iepn
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability High
CVE-2024-36811 was published for aimeos/aimeos-core (Composer) Jun 7, 2024 withdrawn
aimeos
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl
Snipe-IT allows users to promote or demote themselves or other users High
CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024
Moodle HTTP authorization header is preserved between "emulated redirects" Moderate
CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Withdrawn Advisory: Subrion CMS vulnerable to SQL Injection Moderate
CVE-2024-25400 was published for intelliants/subrion (Composer) Feb 27, 2024 withdrawn
ProTip! Advisories are also available from the GraphQL API