GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,444
Erlang
29
GitHub Actions
16
Go
1,668
Maven
4,928
npm
3,458
NuGet
595
pip
2,876
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,444 advisories
Filter by severity
Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book
Moderate
CVE-2024-29376
was published
for
sylius/sylius
(Composer)
May 10, 2024
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Low
CVE-2024-34349
was published
for
sylius/sylius
(Composer)
May 10, 2024
Blind XSS Leading to Froxlor Application Compromise
Critical
CVE-2024-34070
was published
for
froxlor/froxlor
(Composer)
May 10, 2024
Kimai information disclosure vulnerability
Low
CVE-2024-4596
was published
for
kimai/kimai
(Composer)
May 7, 2024
Zenario uses Twig filters insecurely in the Twig Snippet plugin
Moderate
CVE-2024-34461
was published
for
tribalsystems/zenario
(Composer)
May 4, 2024
Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting
Moderate
CVE-2024-34460
was published
for
tribalsystems/zenario
(Composer)
May 4, 2024
Pterodactyl panel's admin area vulnerable to Cross-site Scripting
Moderate
CVE-2024-34067
was published
for
pterodactyl/panel
(Composer)
May 3, 2024
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
Moderate
CVE-2024-33851
was published
for
mdanter/ecc
(Composer)
Apr 28, 2024
Lavalite CMS Cross Site Scripting vulnerability
Moderate
CVE-2024-31828
was published
for
lavalite/cms
(Composer)
Apr 27, 2024
Passbolt API allows HTML injection
Moderate
CVE-2024-33670
was published
for
passbolt/passbolt_api
(Composer)
Apr 26, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Moderate
GHSA-vjwg-28gv-pm8h
was published
for
pimcore/pimcore
(Composer)
Apr 24, 2024
Zend Framework SQL injection vulnerability
Critical
CVE-2014-8089
was published
for
zendframework/zend-db
(Composer)
Apr 23, 2024
Drupal Core Remote Code Execution Vulnerability
Critical
CVE-2018-7602
was published
for
drupal/core
(Composer)
Apr 23, 2024
Sylius Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2024-29376
was published
for
sylius/sylius
(Composer)
Apr 22, 2024
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
High
CVE-2024-32480
was published
for
librenms/librenms
(Composer)
Apr 22, 2024
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
High
CVE-2024-32479
was published
for
librenms/librenms
(Composer)
Apr 22, 2024
LibreNMS vulnerable to SQL injection time-based leads to database extraction
High
CVE-2024-32461
was published
for
librenms/librenms
(Composer)
Apr 22, 2024
TCPDF vulnerable to Regular Expression Denial of Service
Moderate
CVE-2024-22640
was published
for
tecnickcom/tcpdf
(Composer)
Apr 19, 2024
Dolibarr Application Home Page has HTML injection vulnerability
High
CVE-2024-23817
was published
for
dolibarr/dolibarr
(Composer)
Apr 18, 2024
Dolibarr vulnerable to Cross-Site Request Forgery
High
CVE-2024-31503
was published
for
dolibarr/dolibarr
(Composer)
Apr 17, 2024
TCPDF Cross-site Scripting vulnerability
Moderate
CVE-2024-32489
was published
for
tecnickcom/tcpdf
(Composer)
Apr 15, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs
High
CVE-2024-32003
was published
for
winter/wn-dusk-plugin
(Composer)
Apr 12, 2024
Mautic: MST-48 Server-Side Request Forgery in Asset section
Moderate
CVE-2022-25777
was published
for
mautic/core
(Composer)
Apr 12, 2024
Mautic Sensitive Data Exposure due to inadequate user permission settings
High
CVE-2022-25776
was published
for
mautic/core
(Composer)
Apr 12, 2024
ProTip!
Advisories are also available from the
GraphQL API