GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,091 advisories
Filter by severity
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
Moderate
GHSA-g5vj-wj9x-4jg9
was published
for
symbiote/silverstripe-multivaluefield
(Composer)
May 29, 2024
SimpleSAMLphp Link Injection vulnerability
Moderate
GHSA-v858-922f-fj9v
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
silverstripe/framework code execution vulnerability
High
GHSA-vgxh-x8jv-hmff
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework CSV Excel Macro Injection
High
GHSA-mqjc-x563-c9q8
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Ghost allows CSV Injection during member CSV export
High
CVE-2024-34448
was published
for
@tryghost/members-csv
(npm)
May 22, 2024
NASA AIT-Core vulnerable to remote code execution
Critical
CVE-2024-35059
was published
for
ait-core
(pip)
May 21, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-7336-ghhp-f2qj
was published
for
shopware/shopware
(Composer)
May 21, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-q3g4-2vw9-xv27
was published
for
shopware/shopware
(Composer)
May 21, 2024
Pusher Service Channel Authentication Bypass
Moderate
GHSA-7v7m-pcw5-h3cg
was published
for
pusher/pusher-php-server
(Composer)
May 20, 2024
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay...
Critical
Unreviewed
CVE-2024-34919
was published
May 17, 2024
Monolog Header injection in NativeMailerHandler
Low
GHSA-f57v-q966-7fh6
was published
for
monolog/monolog
(Composer)
May 15, 2024
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run...
High
Unreviewed
CVE-2023-46304
was published
Apr 30, 2024
Contao: Insufficient BBCode sanitizer
Moderate
CVE-2024-28234
was published
for
contao/comments-bundle
(Composer)
Apr 9, 2024
Contao: Unencoded insert tags in the frontend
Low
CVE-2024-28191
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Un-sanitized metric name or labels can be used to take over exported metrics
Moderate
CVE-2024-28867
was published
for
github.com/swift-server/swift-prometheus
(Swift)
Mar 29, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections
High
CVE-2024-29896
was published
for
@kindspells/astro-shield
(npm)
Mar 29, 2024
RDoc RCE vulnerability with .rdoc_options
Moderate
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
Server crashes on invalid Cloud Function or Cloud Job name
Critical
CVE-2024-29027
was published
for
parse-server
(npm)
Mar 19, 2024
RCE in TranformGraph().to_dot_graph function
High
CVE-2023-41334
was published
for
astropy
(pip)
Mar 18, 2024
TurboBoost Commands vulnerable to arbitrary method invocation
High
CVE-2024-28181
was published
for
@turbo-boost/commands
(RubyGems)
Mar 15, 2024
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x...
Moderate
Unreviewed
CVE-2024-2445
was published
Mar 15, 2024
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server....
Moderate
Unreviewed
CVE-2024-1883
was published
Mar 14, 2024
This vulnerability allows an already authenticated admin user to create a malicious payload that...
High
Unreviewed
CVE-2024-1882
was published
Mar 14, 2024
ProTip!
Advisories are also available from the
GraphQL API