GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,824 advisories
Filter by severity
Drupal Anonymous Open Redirect
Moderate
GHSA-x6v2-xmrq-574j
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal Content moderation Access bypass
Moderate
GHSA-86xw-vmcx-9mj4
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect
Moderate
GHSA-r67r-42wx-c8r7
was published
for
drupal/drupal
(Composer)
May 15, 2024
Drupal core Cross-Site Scripting (XSS) vulnerabilities
Moderate
GHSA-vfgc-c76h-mwh4
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Arbitrary PHP code execution
High
GHSA-gxxj-g9v8-w28p
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Open Redirect vulnerability
Moderate
GHSA-6gf6-24h2-66j4
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core uses a vulnerable Third-party library CKEditor
Moderate
GHSA-v273-j5hq-26xp
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
High
GHSA-98h9-727m-44qv
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Access bypass
Moderate
GHSA-mh4h-27gq-cxwj
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core unrestricted file upload
Moderate
GHSA-7gwj-7fhm-vw4w
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Denial of Service
Moderate
GHSA-pr99-c33p-fwf6
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Critical
GHSA-7v68-3pr5-h3cr
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal core Remote Code Execution
Critical
GHSA-6mgp-v5cm-ghg5
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal Anonymous Open Redirect
Moderate
GHSA-gfvf-2f25-f34r
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect
Moderate
GHSA-7f4f-p7mq-p4fv
was published
for
drupal/core
(Composer)
May 15, 2024
Drupal Content moderation Access bypass
Moderate
GHSA-f84q-mgj9-8jfc
was published
for
drupal/core
(Composer)
May 15, 2024
doctrine/orm Regression in Query Parenthesis can have Security Implications
High
GHSA-vjrg-wpm8-rhrw
was published
for
doctrine/orm
(Composer)
May 15, 2024
Doctrine SQL injection vulnerability
Critical
GHSA-6q9v-4hq6-5m67
was published
for
doctrine/orm
(Composer)
May 15, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate
CVE-2024-35183
was published
for
github.com/wolfi-dev/wolfictl
(Go)
May 15, 2024
doctrine/doctrine-module zero-valued authentication credentials vulnerability
Moderate
GHSA-9wv8-3h8h-x2wc
was published
for
doctrine/doctrine-module
(Composer)
May 15, 2024
Doctrine DBAL SQL injection possibility
High
GHSA-76w8-mqx4-wjrf
was published
for
doctrine/dbal
(Composer)
May 15, 2024
datadog/dd-trace Circumvents open_basedir INI directive
Low
GHSA-qvgg-r6rq-vwfx
was published
for
datadog/dd-trace
(Composer)
May 15, 2024
contao/core PHP object injection vulnerability allows for arbitrary code execution
High
GHSA-wq43-8r5p-w3mc
was published
for
contao/core
(Composer)
May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution
Critical
GHSA-wxxw-5gq6-j2g5
was published
for
contao/core
(Composer)
May 15, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate
CVE-2024-28087
was published
for
org.bonitasoft.engine:bonita-server
(Maven)
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API