GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
8,371 advisories
Drupal Anonymous Open Redirect
Moderate: GHSA-x6v2-xmrq-574j was published for drupal/drupal (Composer) on May 15, 2024

Drupal Content moderation Access bypass
Moderate: GHSA-86xw-vmcx-9mj4 was published for drupal/drupal (Composer) on May 15, 2024

Drupal External URL injection through URL aliases leading to Open Redirect
Moderate: GHSA-r67r-42wx-c8r7 was published for drupal/drupal (Composer) on May 15, 2024

Drupal core Cross-Site Scripting (XSS) vulnerabilities
Moderate: GHSA-vfgc-c76h-mwh4 was published for drupal/core (Composer) on May 15, 2024

Drupal core Open Redirect vulnerability
Moderate: GHSA-6gf6-24h2-66j4 was published for drupal/core (Composer) on May 15, 2024

Drupal core uses a vulnerable Third-party library CKEditor
Moderate: GHSA-v273-j5hq-26xp was published for drupal/core (Composer) on May 15, 2024

Drupal core Access bypass
Moderate: GHSA-mh4h-27gq-cxwj was published for drupal/core (Composer) on May 15, 2024

Drupal core unrestricted file upload
Moderate: GHSA-7gwj-7fhm-vw4w was published for drupal/core (Composer) on May 15, 2024

Drupal core Denial of Service
Moderate: GHSA-pr99-c33p-fwf6 was published for drupal/core (Composer) on May 15, 2024

Drupal Anonymous Open Redirect
Moderate: GHSA-gfvf-2f25-f34r was published for drupal/core (Composer) on May 15, 2024

Drupal External URL injection through URL aliases leading to Open Redirect
Moderate: GHSA-7f4f-p7mq-p4fv was published for drupal/core (Composer) on May 15, 2024

Drupal Content moderation Access bypass
Moderate: GHSA-f84q-mgj9-8jfc was published for drupal/core (Composer) on May 15, 2024

wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate: CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) on May 15, 2024

doctrine/doctrine-module zero-valued authentication credentials vulnerability
Moderate: GHSA-9wv8-3h8h-x2wc was published for doctrine/doctrine-module (Composer) on May 15, 2024

Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate: CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) on May 15, 2024

Inadequate XSS Prevention in CodeIgniter/Framework Security Library
Moderate: GHSA-q9j3-4ghj-6h57 was published for codeigniter/framework (Composer) on May 15, 2024

Denial of Service in extension "Code Highlight" (codehighlight)
Moderate: GHSA-4cv2-xc5f-px8h was published for brotkrueml/codehighlight (Composer) on May 15, 2024

Denial of Service in extension "Code Highlight" (codehighlight)
Moderate: GHSA-65xh-hh78-6454 was published for brotkrueml/codehighlight (Composer) on May 15, 2024

amphp/http Host Header Injection vulnerability
Moderate: GHSA-8v5x-6vv5-jv4g was published for amphp/http (Composer) on May 15, 2024

amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
Moderate: GHSA-gm98-g2wf-7c68 was published for amphp/artax (Composer) on May 15, 2024

amphp/http-client Header leakage on cross-domain redirects
Moderate: GHSA-8jp9-mpv9-98rj was published for amphp/http-client (Composer) on May 15, 2024

asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
Moderate: GHSA-87mp-xc4x-x8rh was published for asymmetricrypt/asymmetricrypt (Composer) on May 15, 2024

goreleaser shows environment by default
Moderate: GHSA-f6mm-5fc7-3g3c was published for github.com/goreleaser/goreleaser (Go) on May 15, 2024

source-controller leaks Azure Storage SAS token into logs
Moderate: CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go) on May 15, 2024

azure-file-csi-driver leaks service account tokens in the logs
Moderate: CVE-2024-3744 was published for sigs.k8s.io/azurefile-csi-driver (Go) on May 15, 2024
ProTip! Advisories are also available from the GraphQL API.