GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,135 advisories
Filter by severity
Pimcore includes vulnerable PHPOffice/PhpSpreadsheet
High
GHSA-hq76-662x-7mw4
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Sep 3, 2024
XXE in PHPSpreadsheet encoding is returned
High
CVE-2024-45048
was published
for
phpoffice/phpspreadsheet
(Composer)
Aug 29, 2024
Kirby has insufficient permission checks in the language settings
High
CVE-2024-41964
was published
for
getkirby/cms
(Composer)
Aug 29, 2024
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
High
GHSA-34qg-65m4-f23m
was published
for
froxlor/froxlor
(Composer)
Aug 23, 2024
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
High
CVE-2024-43372
was published
for
ezsystems/ezplatform-richtext
(Composer)
Aug 14, 2024
Persistent Cross-site Scripting in Ibexa RichText Field Type
High
CVE-2024-43369
was published
for
ibexa/fieldtype-richtext
(Composer)
Aug 14, 2024
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
High
CVE-2024-42485
was published
for
pxlrbt/filament-excel
(Composer)
Aug 12, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
High
CVE-2024-42356
was published
for
shopware/core
(Composer)
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
High
CVE-2024-42355
was published
for
shopware/core
(Composer)
Aug 8, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control
High
CVE-2024-38909
was published
for
studio-42/elfinder
(Composer)
Jul 30, 2024
ICEcoder vulnerable to Cross Site Scripting
High
CVE-2024-41374
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting
High
CVE-2024-41375
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
High
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
Automad arbitrary file upload vulnerability
High
CVE-2024-40400
was published
for
automad/automad
(Composer)
Jul 19, 2024
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
BookStack Incorrect Access Control vulnerability
High
CVE-2024-36676
was published
for
ssddanbrown/bookstack
(Composer)
Jul 10, 2024
EGroupware mishandles an ORDER BY clause
High
CVE-2024-40614
was published
for
egroupware/egroupware
(Composer)
Jul 7, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
High
CVE-2024-39323
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
Name confusion in x509 Subject Alternative Name fields
High
CVE-2023-52892
was published
for
phpseclib/phpseclib
(Composer)
Jun 28, 2024
Aimeos HTML client may potentially reveal sensitive information in error log
High
CVE-2024-38516
was published
for
aimeos/ai-client-html
(Composer)
Jun 25, 2024
Zip slip in opencart
High
CVE-2024-21518
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Arbitrary File Creation in opencart
High
CVE-2024-21519
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
SQL injection in opencart
High
CVE-2024-21514
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Dolibarr arbitrary file upload vulnerability
High
CVE-2024-37821
was published
for
dolibarr/dolibarr
(Composer)
Jun 18, 2024
Snipe-IT allows users to promote or demote themselves or other users
High
CVE-2024-5685
was published
for
snipe/snipe-it
(Composer)
Jun 14, 2024
ProTip!
Advisories are also available from the
GraphQL API