GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,084
Erlang
29
GitHub Actions
19
Go
1,910
Maven
5,000+
npm
3,646
NuGet
638
pip
3,261
Pub
10
RubyGems
870
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,351 advisories
Filter by severity
Automad Cross-site Scripting vulnerability
Moderate
CVE-2024-40111
was published
for
automad/automad
(Composer)
Aug 23, 2024
•
withdrawn
Magento Open Source Cross-Site Request Forgery vulnerability
Moderate
CVE-2024-39408
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39409
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-39412
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Path Traversal vulnerability
Moderate
CVE-2024-39406
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2024-39410
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
Moderate
CVE-2024-42354
was published
for
shopware/core
(Composer)
Aug 8, 2024
Microweber Reflected Cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-40101
was published
for
microweber/microweber
(Composer)
Aug 6, 2024
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2024-41380
was published
for
microweber/microweber
(Composer)
Aug 5, 2024
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2024-41381
was published
for
microweber/microweber
(Composer)
Aug 5, 2024
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Moderate
GHSA-gc5h-6jx9-q2qh
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Jul 31, 2024
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Moderate
CVE-2024-39318
was published
for
ibexa/admin-ui
(Composer)
Jul 31, 2024
Bolt CMS Cross-site Scripting vulnerability
Moderate
CVE-2024-7300
was published
for
bolt/bolt
(Composer)
Jul 31, 2024
Pimcore vulnerable to disclosure of system and database information behind /admin firewall
Moderate
CVE-2024-41109
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jul 30, 2024
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Moderate
CVE-2024-41676
was published
for
openmage/magento-lts
(Composer)
Jul 29, 2024
ICEcoder vulnerable to Cross Site Scripting
Moderate
CVE-2024-41374
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
ICEcoder Path Traversal vulnerability
Moderate
CVE-2024-41373
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting
Moderate
CVE-2024-41375
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
Moderate
CVE-2024-47069
was published
for
oveleon/contao-cookiebar
(Composer)
Jul 26, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
Moderate
CVE-2024-40137
was published
for
dolibarr/dolibarr
(Composer)
Jul 24, 2024
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
Moderate
CVE-2024-41709
was published
for
backdrop/backdrop
(Composer)
Jul 22, 2024
ProcessWire Cross Site Request Forgery vulnerability
Moderate
CVE-2024-41597
was published
for
processwire/processwire
(Composer)
Jul 19, 2024
Automad arbitrary file upload vulnerability
Moderate
CVE-2024-40400
was published
for
automad/automad
(Composer)
Jul 19, 2024
Silverstripe uses TinyMCE which allows svg files linked in object tags
Moderate
GHSA-52cw-pvq9-9m5v
was published
for
silverstripe/framework
(Composer)
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API