GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
475 advisories
Filter by severity
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Critical
GHSA-7fpj-wc8v-9cgc
was published
for
terminal42/contao-tablelookupwizard
(Composer)
May 30, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-mmcv-fvq8-r9x3
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-j68w-pg49-f6vx
was published
for
symfony/serializer
(Composer)
May 30, 2024
Swiftmailer Sendmail transport arbitrary shell execution
Critical
GHSA-4qpj-gxxg-jqg4
was published
for
swiftmailer/swiftmailer
(Composer)
May 29, 2024
SimpleSAMLphp signature validation bypass
Critical
GHSA-fjr2-r2mp-484p
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5315
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
Dolibarr vulnerable to SQL Injection
Critical
CVE-2024-5314
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2024
Silverstripe Brute force bypass on default admin
Critical
GHSA-8v6m-7f5v-hhx6
was published
for
silverstripe/framework
(Composer)
May 23, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25738
was published
for
vufind/vufind
(Composer)
May 22, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25737
was published
for
vufind/vufind
(Composer)
May 22, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-83jv-4prm-34g7
was published
for
shopware/shopware
(Composer)
May 21, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-7336-ghhp-f2qj
was published
for
shopware/shopware
(Composer)
May 21, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-q3g4-2vw9-xv27
was published
for
shopware/shopware
(Composer)
May 21, 2024
propel/propel1 SQL injection possible with limit() on MySQL
Critical
GHSA-7g7c-qhf3-x59p
was published
for
propel/propel1
(Composer)
May 20, 2024
Propel2 SQL injection possible with limit() on MySQL
Critical
GHSA-7vw7-qx38-37vr
was published
for
propel/propel
(Composer)
May 20, 2024
Flow Swift Mailer package Remote code execution
Critical
GHSA-rq6q-hjvh-5mwh
was published
for
neos/swiftmailer
(Composer)
May 17, 2024
namshi/jose - Verification bypass
Critical
GHSA-4rr6-gf59-ggw5
was published
for
namshi/jose
(Composer)
May 17, 2024
Magento RCE,XSS and other vulnerabilities
Critical
GHSA-8j7c-682x-r9f2
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Critical
GHSA-5gmh-85x8-5cx7
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento Open Source Security Advisory: Patch SUPEE-10975
Critical
GHSA-cv25-3pxr-4q7x
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Critical
GHSA-26hq-7286-mg8f
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
Critical
GHSA-6wm4-3rjj-c8xx
was published
for
magento/community-edition
(Composer)
May 15, 2024
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Critical
GHSA-prpf-cj87-hwvr
was published
for
magento/community-edition
(Composer)
May 15, 2024
Laravel RCE vulnerability in "cookie" session driver
Critical
GHSA-qm5c-m76r-2hfr
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel RCE vulnerability in "cookie" session driver
Critical
GHSA-2ffv-r4r9-r8xr
was published
for
illuminate/cookie
(Composer)
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API