GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
6,565 advisories
Filter by severity
Drupal core Arbitrary PHP code execution
High
GHSA-gxxj-g9v8-w28p
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
High
GHSA-98h9-727m-44qv
was published
for
drupal/core
(Composer)
May 15, 2024
doctrine/orm Regression in Query Parenthesis can have Security Implications
High
GHSA-vjrg-wpm8-rhrw
was published
for
doctrine/orm
(Composer)
May 15, 2024
Doctrine DBAL SQL injection possibility
High
GHSA-76w8-mqx4-wjrf
was published
for
doctrine/dbal
(Composer)
May 15, 2024
contao/core PHP object injection vulnerability allows for arbitrary code execution
High
GHSA-wq43-8r5p-w3mc
was published
for
contao/core
(Composer)
May 15, 2024
OpenCFP Framework (Sentry) Account takeover via null password reset codes
High
GHSA-2m5g-8xpw-42vp
was published
for
cartalyst/sentry
(Composer)
May 15, 2024
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
High
GHSA-pgj4-g5j4-cmfx
was published
for
cart2quote/module-quotation-encoded
(Composer)
May 15, 2024
easyadmin-extension-bundle action case insensitivity
High
GHSA-32rx-xvvr-4xv9
was published
for
alterphp/easyadmin-extension-bundle
(Composer)
May 15, 2024
pygmentize Remote Code Execution
High
GHSA-77mv-mp2j-gxxh
was published
for
3f/pygmentize
(Composer)
May 15, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover
High
CVE-2024-34082
was published
for
getgrav/grav
(Composer)
May 15, 2024
Grafana folders admin only permission privilege escalation
High
CVE-2022-36062
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana account takeover via OAuth vulnerability
High
CVE-2022-31107
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Stored Cross-site Scripting in Unified Alerting
High
CVE-2022-31097
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
dotmesh arbitrary file read and/or write
High
CVE-2020-26312
was published
for
github.com/dotmesh-io/dotmesh
(Go)
May 14, 2024
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
High
CVE-2024-32977
was published
for
OctoPrint
(pip)
May 14, 2024
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
High
CVE-2024-34707
was published
for
nautobot
(pip)
May 13, 2024
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
High
CVE-2023-49781
was published
for
nocodb
(npm)
May 13, 2024
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
High
CVE-2024-34077
was published
for
mantisbt/mantisbt
(Composer)
May 13, 2024
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
High
CVE-2024-34360
was published
for
github.com/spacemeshos/api
(Go)
May 10, 2024
Next.js Server-Side Request Forgery in Server Actions
High
CVE-2024-34351
was published
for
next
(npm)
May 9, 2024
Next.js Vulnerable to HTTP Request Smuggling
High
CVE-2024-34350
was published
for
next
(npm)
May 9, 2024
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
High
CVE-2024-32655
was published
for
Npgsql
(NuGet)
May 9, 2024
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
High
CVE-2024-34345
was published
for
@cyclonedx/cyclonedx-library
(npm)
May 8, 2024
Apache Inlong Deserialization of Untrusted Data vulnerability
High
CVE-2024-26579
was published
for
org.apache.inlong:manager-pojo
(Maven)
May 8, 2024
ProTip!
Advisories are also available from the
GraphQL API