GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,249
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Invenio-App vulnerable to host header injection attack
Moderate
CVE-2019-1020006
was published
for
invenio-app
(pip)
Jul 16, 2019
D-Tale Command Execution Vulnerability
Moderate
CVE-2024-8862
was published
for
dtale
(pip)
Sep 16, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Moderate
CVE-2024-45595
was published
for
dtale
(pip)
Sep 10, 2024
RDoc RCE vulnerability with .rdoc_options
Moderate
CVE-2024-27281
was published
for
rdoc
(RubyGems)
Mar 25, 2024
Apache Airflow Potential Cross-site Scripting Vulnerability
Moderate
CVE-2024-39863
was published
for
apache-airflow
(pip)
Jul 17, 2024
dbt has an implicit override for built-in materializations from installed packages
Moderate
CVE-2024-40637
was published
for
dbt-core
(pip)
Jul 17, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
Moderate
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Moderate
GHSA-gff2-p6vm-3p8g
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
ZendFramework Potential Proxy Injection Vulnerabilities
Moderate
GHSA-mg7h-9qfx-4r83
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Moderate
CVE-2021-21303
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
Moderate
GHSA-g5vj-wj9x-4jg9
was published
for
symbiote/silverstripe-multivaluefield
(Composer)
May 29, 2024
SimpleSAMLphp Link Injection vulnerability
Moderate
GHSA-v858-922f-fj9v
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
Pusher Service Channel Authentication Bypass
Moderate
GHSA-7v7m-pcw5-h3cg
was published
for
pusher/pusher-php-server
(Composer)
May 20, 2024
SilverStripe CSV Excel Macro Injection
Moderate
CVE-2017-18049
was published
for
silverstripe/framework
(Composer)
May 14, 2022
Contao Insert tag injection in forms
Moderate
CVE-2020-25768
was published
for
contao/contao
(Composer)
Sep 24, 2020
Contao: Insufficient BBCode sanitizer
Moderate
CVE-2024-28234
was published
for
contao/comments-bundle
(Composer)
Apr 9, 2024
MediaWiki makeCollapsible allows applying event handler to any CSS selector
Moderate
CVE-2020-10960
was published
for
mediawiki/core
(Composer)
May 24, 2022
Un-sanitized metric name or labels can be used to take over exported metrics
Moderate
CVE-2024-28867
was published
for
github.com/swift-server/swift-prometheus
(Swift)
Mar 29, 2024
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Moderate
CVE-2023-52081
was published
for
github.com/ewen-lbh/ffcss
(Go)
Dec 28, 2023
Magento 2 Community Edition Injection Vulnerability
Moderate
CVE-2019-7889
was published
for
magento/community-edition
(Composer)
May 24, 2022
Mautic vulnerable to secret data exfiltration via symfony parameters
Moderate
CVE-2021-27908
was published
for
mautic/core
(Composer)
Apr 6, 2021
Zenario CMS vulnerable to CRLF injection
Moderate
CVE-2015-3154
was published
for
zendframework/zend-http
(Composer)
May 24, 2022
pyload Log Injection vulnerability
Moderate
CVE-2024-21645
was published
for
pyload-ng
(pip)
Jan 8, 2024
Abstrium Pydio Cells Resource Injection vulnerability
Moderate
CVE-2023-2980
was published
for
github.com/pydio/cells/v4
(Go)
May 30, 2023
ProTip!
Advisories are also available from the
GraphQL API