GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,151 advisories
Filter by severity
SQL injection in funadmin
High
CVE-2024-48225
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48226
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
SQL injection in funadmin
High
CVE-2024-48224
was published
for
funadmin/funadmin
(Composer)
Oct 25, 2024
Remote code execution in php-heic-to-jpg
High
CVE-2024-48514
was published
for
maestroerror/php-heic-to-jpg
(Composer)
Oct 24, 2024
SQL injection in funadmin
High
CVE-2024-48231
was published
for
funadmin/funadmin
(Composer)
Oct 21, 2024
Snipe-IT remote code execution
High
CVE-2024-48987
was published
for
snipe/snipe-it
(Composer)
Oct 11, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-45132
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
High
CVE-2024-45118
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Livewire Remote Code Execution on File Uploads
High
CVE-2024-47823
was published
for
livewire/livewire
(Composer)
Oct 8, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-45293
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
High
CVE-2024-45290
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
High
CVE-2024-47524
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Mautic has insufficient authentication in upgrade flow
High
CVE-2022-25770
was published
for
mautic/core
(Composer)
Sep 19, 2024
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Kimai has an XXE Leading to Local File Read
High
GHSA-534c-hcr7-67jg
was published
for
kimai/kimai
(Composer)
Sep 17, 2024
Contao affected by remote command execution through file upload
High
CVE-2024-45398
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Pimcore includes vulnerable PHPOffice/PhpSpreadsheet
High
GHSA-hq76-662x-7mw4
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Sep 3, 2024
XXE in PHPSpreadsheet encoding is returned
High
CVE-2024-45048
was published
for
phpoffice/phpspreadsheet
(Composer)
Aug 29, 2024
Kirby has insufficient permission checks in the language settings
High
CVE-2024-41964
was published
for
getkirby/cms
(Composer)
Aug 29, 2024
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
High
GHSA-34qg-65m4-f23m
was published
for
froxlor/froxlor
(Composer)
Aug 23, 2024
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
High
CVE-2024-43372
was published
for
ezsystems/ezplatform-richtext
(Composer)
Aug 14, 2024
Persistent Cross-site Scripting in Ibexa RichText Field Type
High
CVE-2024-43369
was published
for
ibexa/fieldtype-richtext
(Composer)
Aug 14, 2024
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
High
CVE-2024-42485
was published
for
pxlrbt/filament-excel
(Composer)
Aug 12, 2024
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
High
CVE-2024-42356
was published
for
shopware/core
(Composer)
Aug 8, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
High
CVE-2024-42355
was published
for
shopware/core
(Composer)
Aug 8, 2024
ProTip!
Advisories are also available from the
GraphQL API