Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,652
Erlang
34
GitHub Actions
26
Go
2,257
Maven
5,000+
npm
3,909
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

168 advisories

Loading
silverstripe/framework has possible denial of service attack vector when flushing High
GHSA-cwgq-83w5-8jfq was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework uploaded PHP script execution in assets Moderate
GHSA-f43j-8hq4-2xj9 was published for silverstripe/framework (Composer) May 27, 2024
Laravel Guard bypass in Eloquent models Moderate
GHSA-44pg-c29v-hp6r was published for laravel/framework (Composer) May 15, 2024
Laravel Risk of mass-assignment vulnerabilities Moderate
GHSA-rj3w-99gc-8j58 was published for laravel/framework (Composer) May 15, 2024
Laravel Risk of mass-assignment vulnerabilities Moderate
GHSA-cc2w-ghc5-m5qr was published for illuminate/database (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Magento Open Source allows Improper Input Validation High
CVE-2024-20758 was published for magento/community-edition (Composer) Apr 10, 2024
Concrete CMS Stored XSS in blocks of type file Low
CVE-2024-3180 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Stored XSS in the Search Field Low
CVE-2024-3181 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Stored XSS in the Custom Class page editing Low
CVE-2024-3179 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Stored XSS on the calendar color settings screen Low
CVE-2024-2753 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter Low
CVE-2024-3178 was published for concrete5/concrete5 (Composer) Apr 3, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-2179 was published for concrete5/concrete5 (Composer) Mar 5, 2024
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature Low
CVE-2024-1246 was published for concrete5/concrete5 (Composer) Feb 9, 2024
Concrete CMS vulnerable to stored XSS in file tags and description attributes Low
CVE-2024-1245 was published for concrete5/concrete5 (Composer) Feb 9, 2024
Concrete CMS vulnerable to stored XSS via the Role Name field Low
CVE-2024-1247 was published for concrete5/concrete5 (Composer) Feb 9, 2024
class.upload.php allows cross-site scripting attacks via uploaded files Moderate
CVE-2023-6551 was published for verot/class.upload.php (Composer) Jan 4, 2024
Froxlor username/surname AND company field Bypass High
CVE-2023-50256 was published for froxlor/froxlor (Composer) Jan 4, 2024
ahmedvienna
PrestaShop some attribute not escaped in Validate::isCleanHTML method High
CVE-2024-21627 was published for prestashop/prestashop (Composer) Jan 3, 2024
Antonio-R1 antoniospataro
matthieu-rolland AureRita boherm matks
Denial of service caused by infinite recursion when parsing SVG images Moderate
CVE-2023-50262 was published for dompdf/dompdf (Composer) Dec 13, 2023
cod3beat
Dolibarr Improper Input Validation vulnerability High
CVE-2023-4197 was published for dolibarr/dolibarr (Composer) Nov 1, 2023
Magento Open Source has Improper Input Validation Vulnerability Moderate
CVE-2023-26367 was published for magento/community-edition (Composer) Oct 13, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-38218 was published for magento/community-edition (Composer) Oct 13, 2023
OpenCart Path Traversal vulnerability High
CVE-2023-2315 was published for opencart/opencart (Composer) Sep 27, 2023
Magento Open Source affected by Improper Input Validation Moderate
CVE-2022-24093 was published for magento/community-edition (Composer) Sep 18, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database