Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,478
Erlang
29
GitHub Actions
16
Go
1,694
Maven
4,935
npm
3,466
NuGet
601
pip
2,971
Pub
10
RubyGems
825
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,607 advisories

datadog/dd-trace Circumvents open_basedir INI directive Low
GHSA-qvgg-r6rq-vwfx was published for datadog/dd-trace (Composer) May 15, 2024
contao/core PHP object injection vulnerability allows for arbitrary code execution High
GHSA-wq43-8r5p-w3mc was published for contao/core (Composer) May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution Critical
GHSA-wxxw-5gq6-j2g5 was published for contao/core (Composer) May 15, 2024
codeigniter/framework SQL injection in ODBC database driver Critical
GHSA-27qr-636m-wxg2 was published for codeigniter/framework (Composer) May 15, 2024
Inadequate XSS Prevention in CodeIgniter/Framework Security Library Moderate
GHSA-q9j3-4ghj-6h57 was published for codeigniter/framework (Composer) May 15, 2024
OpenCFP Framework (Sentry) Account takeover via null password reset codes High
GHSA-2m5g-8xpw-42vp was published for cartalyst/sentry (Composer) May 15, 2024
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction High
GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) May 15, 2024
Denial of Service in extension "Code Highlight" (codehighlight) Moderate
GHSA-4cv2-xc5f-px8h was published for brotkrueml/codehighlight (Composer) May 15, 2024
Denial of Service in extension "Code Highlight" (codehighlight) Moderate
GHSA-65xh-hh78-6454 was published for brotkrueml/codehighlight (Composer) May 15, 2024
amphp/http Host Header Injection vulnerability Moderate
GHSA-8v5x-6vv5-jv4g was published for amphp/http (Composer) May 15, 2024
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance Moderate
GHSA-gm98-g2wf-7c68 was published for amphp/artax (Composer) May 15, 2024
amphp/http-client Header leakage on cross-domain redirects Moderate
GHSA-8jp9-mpv9-98rj was published for amphp/http-client (Composer) May 15, 2024
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption Moderate
GHSA-87mp-xc4x-x8rh was published for asymmetricrypt/asymmetricrypt (Composer) May 15, 2024
easyadmin-extension-bundle action case insensitivity High
GHSA-32rx-xvvr-4xv9 was published for alterphp/easyadmin-extension-bundle (Composer) May 15, 2024
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
pygmentize Remote Code Execution High
GHSA-77mv-mp2j-gxxh was published for 3f/pygmentize (Composer) May 15, 2024
Mautic is vulnerable to XSS vulnerability Critical
CVE-2020-35125 was published for mautic/core (Composer) May 15, 2024
nvn1729
goreleaser shows environment by default Moderate
GHSA-f6mm-5fc7-3g3c was published for github.com/goreleaser/goreleaser (Go) May 15, 2024
xrstf xmudrii
caarlos0
Grav Vulnerable to Arbitrary File Read to Account Takeover High
CVE-2024-34082 was published for getgrav/grav (Composer) May 15, 2024
richighimi
Amazon JDBC Driver for Redshift SQL Injection via line comment generation Critical
CVE-2024-32888 was published for com.amazon.redshift:redshift-jdbc42 (Maven) May 15, 2024
paul-gerste-sonarsource
source-controller leaks Azure Storage SAS token into logs Moderate
CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go) May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs Moderate
CVE-2024-3744 was published for sigs.k8s.io/azurefile-csi-driver (Go) May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address Moderate
CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) May 14, 2024
pgibson1-godaddy mtrop-godaddy
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024
Grafana folders admin only permission privilege escalation High
CVE-2022-36062 was published for github.com/grafana/grafana (Go) May 14, 2024
ProTip! Advisories are also available from the GraphQL API