GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,434
Erlang: 29
GitHub Actions: 16
Go: 1,660
Maven: 4,922
npm: 3,450
NuGet: 594
pip: 2,840
Pub: 10
RubyGems: 823
Rust: 764
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
3,434 advisories
Pterodactyl panel's admin area vulnerable to Cross-site Scripting
Moderate | CVE-2024-34067 was published for pterodactyl/panel (Composer) | May 3, 2024

Lavalite CMS Cross Site Scripting vulnerability
Moderate | CVE-2024-31828 was published for lavalite/cms (Composer) | Apr 27, 2024

Passbolt API allows HTML injection
Moderate | CVE-2024-33670 was published for passbolt/passbolt_api (Composer) | Apr 26, 2024

PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical | GHSA-346h-749j-r28w was published for mdanter/ecc (Composer) | Apr 25, 2024

Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Moderate | GHSA-vjwg-28gv-pm8h was published for pimcore/pimcore (Composer) | Apr 24, 2024

Zend Framework SQL injection vulnerability
Critical | CVE-2014-8089 was published for zendframework/zend-db (Composer) | Apr 23, 2024

Drupal Core Remote Code Execution Vulnerability
Critical | CVE-2018-7602 was published for drupal/core (Composer) | Apr 23, 2024

Sylius Cross Site Scripting (XSS) vulnerability
Moderate | CVE-2024-29376 was published for sylius/sylius (Composer) | Apr 22, 2024

LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
High | CVE-2024-32480 was published for librenms/librenms (Composer) | Apr 22, 2024

LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
High | CVE-2024-32479 was published for librenms/librenms (Composer) | Apr 22, 2024

LibreNMS vulnerable to SQL injection time-based leads to database extraction
High | CVE-2024-32461 was published for librenms/librenms (Composer) | Apr 22, 2024

TCPDF vulnerable to Regular Expression Denial of Service
Moderate | CVE-2024-22640 was published for tecnickcom/tcpdf (Composer) | Apr 19, 2024

Dolibarr Application Home Page has HTML injection vulnerability
High | CVE-2024-23817 was published for dolibarr/dolibarr (Composer) | Apr 18, 2024

Dolibarr vulnerable to Cross-Site Request Forgery
High | CVE-2024-31503 was published for dolibarr/dolibarr (Composer) | Apr 17, 2024

TCPDF Cross-site Scripting vulnerability
Moderate | CVE-2024-32489 was published for tecnickcom/tcpdf (Composer) | Apr 15, 2024

Dusk plugin may allow unfettered user authentication in misconfigured installs
High | CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) | Apr 12, 2024

Mautic: MST-48 Server-Side Request Forgery in Asset section
Moderate | CVE-2022-25777 was published for mautic/core (Composer) | Apr 12, 2024

Mautic Sensitive Data Exposure due to inadequate user permission settings
High | CVE-2022-25776 was published for mautic/core (Composer) | Apr 12, 2024

Mautic SQL Injection in dynamic Reports
Moderate | CVE-2022-25775 was published for mautic/core (Composer) | Apr 12, 2024

Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High | CVE-2021-27916 was published for mautic/core (Composer) | Apr 12, 2024

timber/timber vulnerable to Deserialization of Untrusted Data
High | CVE-2024-29800 was published for timber/timber (Composer) | Apr 12, 2024

Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Moderate | CVE-2022-25774 was published for mautic/core (Composer) | Apr 12, 2024

Reportico affected by Incorrect Access Control
Moderate | CVE-2023-48865 was published for reportico-web/reportico (Composer) | Apr 12, 2024

Mautic vulnerable to stored cross-site scripting in description field
High | CVE-2021-27915 was published for mautic/core (Composer) | Apr 11, 2024

Contao: Insufficient BBCode sanitizer
Moderate | CVE-2024-28234 was published for contao/comments-bundle (Composer) | Apr 9, 2024
ProTip! Advisories are also available from the GraphQL API.