Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

6,565 advisories

Drupal core Arbitrary PHP code execution High
GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar High
GHSA-98h9-727m-44qv was published for drupal/core (Composer) May 15, 2024
doctrine/orm Regression in Query Parenthesis can have Security Implications High
GHSA-vjrg-wpm8-rhrw was published for doctrine/orm (Composer) May 15, 2024
Doctrine DBAL SQL injection possibility High
GHSA-76w8-mqx4-wjrf was published for doctrine/dbal (Composer) May 15, 2024
contao/core PHP object injection vulnerability allows for arbitrary code execution High
GHSA-wq43-8r5p-w3mc was published for contao/core (Composer) May 15, 2024
OpenCFP Framework (Sentry) Account takeover via null password reset codes High
GHSA-2m5g-8xpw-42vp was published for cartalyst/sentry (Composer) May 15, 2024
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction High
GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) May 15, 2024
easyadmin-extension-bundle action case insensitivity High
GHSA-32rx-xvvr-4xv9 was published for alterphp/easyadmin-extension-bundle (Composer) May 15, 2024
pygmentize Remote Code Execution High
GHSA-77mv-mp2j-gxxh was published for 3f/pygmentize (Composer) May 15, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover High
CVE-2024-34082 was published for getgrav/grav (Composer) May 15, 2024
richighimi
Grafana folders admin only permission privilege escalation High
CVE-2022-36062 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana account takeover via OAuth vulnerability High
CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Stored Cross-site Scripting in Unified Alerting High
CVE-2022-31097 was published for github.com/grafana/grafana (Go) May 14, 2024
dotmesh arbitrary file read and/or write High
CVE-2020-26312 was published for github.com/dotmesh-io/dotmesh (Go) May 14, 2024
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled High
CVE-2024-32977 was published for OctoPrint (pip) May 14, 2024
jacopotediosi
github.com/containers/image allows unexpected authenticated registry accesses High
CVE-2024-3727 was published for github.com/containers/image (Go) May 14, 2024
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages High
CVE-2024-34707 was published for nautobot (pip) May 13, 2024
michaelpanorios
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue High
CVE-2023-49781 was published for nocodb (npm) May 13, 2024
zpbrent
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process High
CVE-2024-34077 was published for mantisbt/mantisbt (Composer) May 13, 2024
dregad redna-xela
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX High
CVE-2024-34360 was published for github.com/spacemeshos/api (Go) May 10, 2024
Next.js Server-Side Request Forgery in Server Actions High
CVE-2024-34351 was published for next (npm) May 9, 2024
Next.js Vulnerable to HTTP Request Smuggling High
CVE-2024-34350 was published for next (npm) May 9, 2024
elifoster-block
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow High
CVE-2024-32655 was published for Npgsql (NuGet) May 9, 2024
paul-gerste-sonarsource NinoFloris
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability High
CVE-2024-34345 was published for @cyclonedx/cyclonedx-library (npm) May 8, 2024
jkowalleck
Apache Inlong Deserialization of Untrusted Data vulnerability High
CVE-2024-26579 was published for org.apache.inlong:manager-pojo (Maven) May 8, 2024
ProTip! Advisories are also available from the GraphQL API