GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,435 advisories
Filter by severity
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
GHSA-j2v2-3784-vr44
was published
for
opencart/opencart
(Composer)
Dec 18, 2024
•
withdrawn
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
Moderate
CVE-2024-55889
was published
for
thorsten/phpmyfaq
(Composer)
Dec 13, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx
Moderate
CVE-2024-55878
was published
for
shuchkin/simplexlsx
(Composer)
Dec 12, 2024
Withdrawn Advisory: Nette Database SQL injection
Moderate
CVE-2024-55586
was published
for
nette/database
(Composer)
Dec 10, 2024
•
withdrawn
Drupal core Access bypass
Moderate
CVE-2024-55634
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal Core Cross-Site Scripting (XSS)
Moderate
CVE-2024-12393
was published
for
drupal/core
(Composer)
Dec 10, 2024
LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section
Moderate
CVE-2024-53457
was published
for
librenms/librenms
(Composer)
Dec 6, 2024
Drupal core vulnerable to improper error handling
Moderate
CVE-2024-11942
was published
for
drupal/core
(Composer)
Dec 5, 2024
ibexa/post-install affected by Breach with Varnish VCL
Moderate
GHSA-4h8f-c635-25p7
was published
for
ibexa/post-install
(Composer)
Dec 2, 2024
ibexa/http-cache affected by Breach with Varnish VCL
Moderate
GHSA-fh7v-q458-7vmw
was published
for
ibexa/http-cache
(Composer)
Dec 2, 2024
ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL
Moderate
GHSA-mgfg-7533-7jf6
was published
for
ezsystems/ezplatform-http-cache
(Composer)
Dec 2, 2024
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Moderate
CVE-2024-53864
was published
for
ibexa/admin-ui
(Composer)
Dec 2, 2024
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Moderate
CVE-2024-52806
was published
for
simplesamlphp/saml2
(Composer)
Dec 2, 2024
Withdrawn Advisory: Symfony http-security has authentication bypass
Moderate
CVE-2024-36611
was published
for
symfony/security-http
(Composer)
Nov 29, 2024
•
withdrawn
TCPDF Local File Inclusion vulnerability
Moderate
CVE-2024-51058
was published
for
tecnickcom/tcpdf
(Composer)
Nov 26, 2024
Moodle IDOR when deleting OAuth2 linked accounts
Moderate
CVE-2024-45690
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access
Moderate
CVE-2024-45689
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle IDOR when accessing list of course badges
Moderate
CVE-2024-48899
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison
Moderate
CVE-2024-45691
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Redaxo Core CMS Cross Site Scripting (XSS)
Moderate
CVE-2024-50803
was published
for
redaxo/source
(Composer)
Nov 19, 2024
Statamic CMS has a Path Traversal in Asset Upload
Moderate
CVE-2024-52600
was published
for
statamic/cms
(Composer)
Nov 19, 2024
Moodle leaks user names
Moderate
CVE-2024-48896
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: Some users can delete audiences of other reports
Moderate
CVE-2024-48898
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
ProTip!
Advisories are also available from the
GraphQL API