GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
21,541 advisories
Filter by severity
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Critical
GHSA-prpf-cj87-hwvr
was published
for
magento/community-edition
(Composer)
May 15, 2024
Laravel RCE vulnerability in "cookie" session driver
Critical
GHSA-qm5c-m76r-2hfr
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel RCE vulnerability in "cookie" session driver
Critical
GHSA-2ffv-r4r9-r8xr
was published
for
illuminate/cookie
(Composer)
May 15, 2024
gree/jose - "None" Algorithm treated as valid in tokens
Critical
GHSA-9gxv-x7rp-r2hc
was published
for
gree/jose
(Composer)
May 15, 2024
firebase/php-jwt: "None" Algorithm treated as valid on tokens
Critical
GHSA-h533-5v22-8vcp
was published
for
firebase/php-jwt
(Composer)
May 15, 2024
CyberPower PowerPanel business
application code contains a hard-coded JWT signing key. This...
Critical
Unreviewed
CVE-2024-33625
was published
May 15, 2024
Hard-coded credentials for the
CyberPower PowerPanel test server can be found in the
production...
Critical
Unreviewed
CVE-2024-32047
was published
May 15, 2024
CyberPower PowerPanel business application code contains a hard-coded set of authentication ...
Critical
Unreviewed
CVE-2024-34025
was published
May 15, 2024
Hard-coded credentials are used by the
CyberPower PowerPanel
platform to authenticate to the ...
Critical
Unreviewed
CVE-2024-32053
was published
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-jf8c-36vw-98x4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-jjx7-8462-w4m4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-7v68-3pr5-h3cr
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-6mgp-v5cm-ghg5
was published
for
drupal/core
(Composer)
May 15, 2024
Doctrine SQL injection vulnerability
Critical
GHSA-6q9v-4hq6-5m67
was published
for
doctrine/orm
(Composer)
May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution
Critical
GHSA-wxxw-5gq6-j2g5
was published
for
contao/core
(Composer)
May 15, 2024
An issue was identified in the Identity Security Cloud (ISC) Transform preview and...
Critical
Unreviewed
CVE-2024-3319
was published
May 15, 2024
codeigniter/framework SQL injection in ODBC database driver
Critical
GHSA-27qr-636m-wxg2
was published
for
codeigniter/framework
(Composer)
May 15, 2024
ADOdb SQL injection vulnerability
Critical
GHSA-h63c-xvpf-264j
was published
for
adodb/adodb-php
(Composer)
May 15, 2024
Mautic is vulnerable to XSS vulnerability
Critical
CVE-2020-35125
was published
for
mautic/core
(Composer)
May 15, 2024
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Critical
CVE-2024-32888
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
May 15, 2024
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to...
Critical
Unreviewed
CVE-2024-4893
was published
May 15, 2024
There is a command injection vulnerability in the underlying deauthentication service that could...
Critical
Unreviewed
CVE-2024-31473
was published
May 15, 2024
There are buffer overflow vulnerabilities in the underlying Central Communications service that...
Critical
Unreviewed
CVE-2024-31468
was published
May 15, 2024
There are buffer overflow vulnerabilities in the underlying Central Communications service that...
Critical
Unreviewed
CVE-2024-31469
was published
May 15, 2024
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of...
Critical
Unreviewed
CVE-2024-31470
was published
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API