Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,098 advisories

Loading
ZendFramework Potential Proxy Injection Vulnerabilities Moderate
GHSA-mg7h-9qfx-4r83 was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc` High
GHSA-jq87-2wxp-8349 was published for zendframework/zendframework (Composer) Jun 7, 2024
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service... Moderate Unreviewed
CVE-2024-5184 was published Jun 5, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'... Moderate Unreviewed
CVE-2023-23738 was published Jun 4, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution Critical
GHSA-cc97-g92w-jm65 was published for typo3/cms-core (Composer) May 30, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension Moderate
GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) May 29, 2024
SimpleSAMLphp Link Injection vulnerability Moderate
GHSA-v858-922f-fj9v was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
silverstripe/framework code execution vulnerability High
GHSA-vgxh-x8jv-hmff was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework CSV Excel Macro Injection High
GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) May 27, 2024
Ghost allows CSV Injection during member CSV export High
CVE-2024-34448 was published for @tryghost/members-csv (npm) May 22, 2024
NASA AIT-Core vulnerable to remote code execution Critical
CVE-2024-35059 was published for ait-core (pip) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
Pusher Service Channel Authentication Bypass Moderate
GHSA-7v7m-pcw5-h3cg was published for pusher/pusher-php-server (Composer) May 20, 2024
An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay... Critical Unreviewed
CVE-2024-34919 was published May 17, 2024
Monolog Header injection in NativeMailerHandler Low
GHSA-f57v-q966-7fh6 was published for monolog/monolog (Composer) May 15, 2024
tqdm CLI arguments injection attack Low
CVE-2024-34062 was published for tqdm (pip) May 3, 2024
CopperEagle
modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run... High Unreviewed
CVE-2023-46304 was published Apr 30, 2024
Contao: Insufficient BBCode sanitizer Moderate
CVE-2024-28234 was published for contao/comments-bundle (Composer) Apr 9, 2024
m-vo
Contao: Unencoded insert tags in the frontend Low
CVE-2024-28191 was published for contao/core-bundle (Composer) Apr 9, 2024
Xuxueli xxl-job template injection vulnerability Low
CVE-2024-3366 was published for com.xuxueli:xxl-job-core (Maven) Apr 6, 2024
Un-sanitized metric name or labels can be used to take over exported metrics Moderate
CVE-2024-28867 was published for github.com/swift-server/swift-prometheus (Swift) Mar 29, 2024
Content-Security-Policy header generation in middleware could be compromised by malicious injections High
CVE-2024-29896 was published for @kindspells/astro-shield (npm) Mar 29, 2024
castarco
RDoc RCE vulnerability with .rdoc_options Moderate
CVE-2024-27281 was published for rdoc (RubyGems) Mar 25, 2024
Server crashes on invalid Cloud Function or Cloud Job name Critical
CVE-2024-29027 was published for parse-server (npm) Mar 19, 2024
mtrezza EhsanParsania
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database