GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,273 advisories
Filter by severity
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Moderate
CVE-2024-56364
was published
for
shuchkin/simplexlsx
(Composer)
Dec 23, 2024
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
High
CVE-2024-56329
was published
for
joelbutcher/socialstream
(Composer)
Dec 20, 2024
Browsershot Improper Input Validation vulnerability
High
CVE-2024-21549
was published
for
spatie/browsershot
(Composer)
Dec 20, 2024
Duplicate Advisory: openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
GHSA-j2v2-3784-vr44
was published
for
opencart/opencart
(Composer)
Dec 18, 2024
•
withdrawn
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Critical
CVE-2024-56145
was published
for
craftcms/cms
(Composer)
Dec 18, 2024
Spatie Browsershot Directory Traversal vulnerability
High
CVE-2024-21547
was published
for
spatie/browsershot
(Composer)
Dec 18, 2024
UniSharp Laravel Filemanager Code Injection vulnerability
High
CVE-2024-21546
was published
for
unisharp/laravel-filemanager
(Composer)
Dec 18, 2024
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
Moderate
CVE-2024-55889
was published
for
thorsten/phpmyfaq
(Composer)
Dec 13, 2024
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
High
CVE-2024-55661
was published
for
laravel/pulse
(Composer)
Dec 13, 2024
Browsershot Local File Inclusion
High
CVE-2024-21544
was published
for
spatie/browsershot
(Composer)
Dec 13, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx
Moderate
CVE-2024-55878
was published
for
shuchkin/simplexlsx
(Composer)
Dec 12, 2024
Withdrawn Advisory: Nette Database SQL injection
Moderate
CVE-2024-55586
was published
for
nette/database
(Composer)
Dec 10, 2024
•
withdrawn
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55637
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
Low
CVE-2024-55636
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core contains a potential PHP Object Injection vulnerability
High
CVE-2024-55638
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal core Access bypass
Moderate
CVE-2024-55634
was published
for
drupal/core
(Composer)
Dec 10, 2024
Drupal Core Cross-Site Scripting (XSS)
Moderate
CVE-2024-12393
was published
for
drupal/core
(Composer)
Dec 10, 2024
league/commonmark's quadratic complexity bugs may lead to a denial of service
High
GHSA-c2pc-g5qf-rfrf
was published
for
league/commonmark
(Composer)
Dec 9, 2024
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
High
CVE-2024-54149
was published
for
winter/wn-cms-module
(Composer)
Dec 9, 2024
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
High
CVE-2024-54141
was published
for
thorsten/phpmyfaq
(Composer)
Dec 6, 2024
LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section
Moderate
CVE-2024-53457
was published
for
librenms/librenms
(Composer)
Dec 6, 2024
Drupal core vulnerable to improper error handling
Moderate
CVE-2024-11942
was published
for
drupal/core
(Composer)
Dec 5, 2024
Drupal core Denial of Service
High
CVE-2024-11941
was published
for
drupal/core
(Composer)
Dec 5, 2024
SimpleSAMLphp vulnerable to XXE in parsing SAML messages
High
GHSA-j5g2-q29x-cw3h
was published
for
simplesamlphp/simplesamlphp
(Composer)
Dec 2, 2024
•
withdrawn
ibexa/post-install affected by Breach with Varnish VCL
Moderate
GHSA-4h8f-c635-25p7
was published
for
ibexa/post-install
(Composer)
Dec 2, 2024
ProTip!
Advisories are also available from the
GraphQL API