GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,648
Erlang: 29
GitHub Actions: 16
Go: 1,705
Maven: 4,937
npm: 3,470
NuGet: 603
pip: 2,982
Pub: 10
RubyGems: 826
Rust: 770
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
3,648 advisories
Shopware Remote Code Execution Vulnerability
Critical: GHSA-83jv-4prm-34g7 was published for shopware/shopware (Composer), May 21, 2024

Shopware Remote Code Execution Vulnerability
Critical: GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer), May 21, 2024

Shopware Non-Persistent XSS in the Frontend
Moderate: GHSA-jqr7-5h7r-ch8p was published for shopware/shopware (Composer), May 21, 2024

Shopware Remote Code Execution Vulnerability
Critical: GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer), May 21, 2024

sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Moderate: GHSA-6wqp-7g94-f69j was published for sensiolabs/connect (Composer), May 21, 2024

scheb/two-factor-bundle bypass two-factor authentication with remember-me option
High: GHSA-9phw-7h96-q3rv was published for scheb/two-factor-bundle (Composer), May 21, 2024

scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
High: GHSA-h6mp-mc7g-mg49 was published for scheb/two-factor-bundle (Composer), May 21, 2024

verbb/formie Server-Side Template Injection for variable-enabled settings
Moderate: CVE-2024-35191 was published for verbb/formie (Composer), May 20, 2024

AVideo cross-site scripting vulnerability in the view/about.php page
Moderate: CVE-2024-34899 was published for wwbn/avideo (Composer), May 20, 2024

robrichards/xmlseclibs XPath injection
High: GHSA-2g98-f9jv-w8c5 was published for robrichards/xmlseclibs (Composer), May 20, 2024

Pusher Service Channel Authentication Bypass
Moderate: GHSA-7v7m-pcw5-h3cg was published for pusher/pusher-php-server (Composer), May 20, 2024

propel/propel1 SQL injection possible with limit() on MySQL
Critical: GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer), May 20, 2024

Propel2 SQL injection possible with limit() on MySQL
Critical: GHSA-7vw7-qx38-37vr was published for propel/propel (Composer), May 20, 2024

phpxmlrpc/extra XSS in class documenting_xmlrpc_server
Moderate: GHSA-ww6p-q26w-fr6m was published for phpxmlrpc/extras (Composer), May 20, 2024

Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"
Moderate: GHSA-qm5v-pj64-852j was published for passbolt/passbolt_api (Composer), May 20, 2024

Passbolt API Stored XSS on first/last name during setup
High: GHSA-2f46-4xjm-73x5 was published for passbolt/passbolt_api (Composer), May 20, 2024

Passbolt Api Remote code execution
High: GHSA-cv5c-2qv5-w2m2 was published for passbolt/passbolt_api (Composer), May 20, 2024

Passbolt Api Retrieval of HTTP-only cookies
Low: GHSA-f5pp-pmq8-gp46 was published for passbolt/passbolt_api (Composer), May 20, 2024

Passbolt Api E-mail HTML injection
Moderate: GHSA-v86m-j5f7-ccwh was published for passbolt/passbolt_api (Composer), May 20, 2024

OroPlatform Forced Redirect to External Website
Moderate: GHSA-3vhm-q4w3-rw8q was published for oro/platform (Composer), May 20, 2024

OroCRM Forced Redirect to External Website
Moderate: GHSA-v8hp-239v-9367 was published for oro/crm (Composer), May 20, 2024

random_compat Uses insecure CSPRNG
Low: GHSA-3fmq-x9q6-wm39 was published for paragonie/random_compat (Composer), May 17, 2024

onelogin/php-saml signature wrapping attacks
Moderate: CVE-2016-1000253 was published for onelogin/php-saml (Composer), May 17, 2024

onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Low: GHSA-9wrw-p9rm-r782 was published for onelogin/php-saml (Composer), May 17, 2024

nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
High: GHSA-r2r8-36pq-27cm was published for nzo/url-encryptor-bundle (Composer), May 17, 2024

ProTip! Advisories are also available from the GraphQL API.