GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,478
Erlang
29
GitHub Actions
16
Go
1,694
Maven
4,935
npm
3,466
NuGet
601
pip
2,971
Pub
10
RubyGems
825
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,607 advisories
Filter by severity
datadog/dd-trace Circumvents open_basedir INI directive
Low
GHSA-qvgg-r6rq-vwfx
was published
for
datadog/dd-trace
(Composer)
May 15, 2024
contao/core PHP object injection vulnerability allows for arbitrary code execution
High
GHSA-wq43-8r5p-w3mc
was published
for
contao/core
(Composer)
May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution
Critical
GHSA-wxxw-5gq6-j2g5
was published
for
contao/core
(Composer)
May 15, 2024
codeigniter/framework SQL injection in ODBC database driver
Critical
GHSA-27qr-636m-wxg2
was published
for
codeigniter/framework
(Composer)
May 15, 2024
Inadequate XSS Prevention in CodeIgniter/Framework Security Library
Moderate
GHSA-q9j3-4ghj-6h57
was published
for
codeigniter/framework
(Composer)
May 15, 2024
OpenCFP Framework (Sentry) Account takeover via null password reset codes
High
GHSA-2m5g-8xpw-42vp
was published
for
cartalyst/sentry
(Composer)
May 15, 2024
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
High
GHSA-pgj4-g5j4-cmfx
was published
for
cart2quote/module-quotation-encoded
(Composer)
May 15, 2024
Denial of Service in extension "Code Highlight" (codehighlight)
Moderate
GHSA-4cv2-xc5f-px8h
was published
for
brotkrueml/codehighlight
(Composer)
May 15, 2024
Denial of Service in extension "Code Highlight" (codehighlight)
Moderate
GHSA-65xh-hh78-6454
was published
for
brotkrueml/codehighlight
(Composer)
May 15, 2024
amphp/http Host Header Injection vulnerability
Moderate
GHSA-8v5x-6vv5-jv4g
was published
for
amphp/http
(Composer)
May 15, 2024
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
Moderate
GHSA-gm98-g2wf-7c68
was published
for
amphp/artax
(Composer)
May 15, 2024
amphp/http-client Header leakage on cross-domain redirects
Moderate
GHSA-8jp9-mpv9-98rj
was published
for
amphp/http-client
(Composer)
May 15, 2024
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
Moderate
GHSA-87mp-xc4x-x8rh
was published
for
asymmetricrypt/asymmetricrypt
(Composer)
May 15, 2024
easyadmin-extension-bundle action case insensitivity
High
GHSA-32rx-xvvr-4xv9
was published
for
alterphp/easyadmin-extension-bundle
(Composer)
May 15, 2024
ADOdb SQL injection vulnerability
Critical
GHSA-h63c-xvpf-264j
was published
for
adodb/adodb-php
(Composer)
May 15, 2024
pygmentize Remote Code Execution
High
GHSA-77mv-mp2j-gxxh
was published
for
3f/pygmentize
(Composer)
May 15, 2024
Mautic is vulnerable to XSS vulnerability
Critical
CVE-2020-35125
was published
for
mautic/core
(Composer)
May 15, 2024
goreleaser shows environment by default
Moderate
GHSA-f6mm-5fc7-3g3c
was published
for
github.com/goreleaser/goreleaser
(Go)
May 15, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover
High
CVE-2024-34082
was published
for
getgrav/grav
(Composer)
May 15, 2024
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Critical
CVE-2024-32888
was published
for
com.amazon.redshift:redshift-jdbc42
(Maven)
May 15, 2024
source-controller leaks Azure Storage SAS token into logs
Moderate
CVE-2024-31216
was published
for
github.com/fluxcd/source-controller
(Go)
May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate
CVE-2024-3744
was published
for
sigs.k8s.io/azurefile-csi-driver
(Go)
May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate
CVE-2024-35175
was published
for
github.com/tg123/sshpiper
(Go)
May 14, 2024
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low
GHSA-r3w4-36x6-7r99
was published
for
nokogiri
(RubyGems)
May 14, 2024
Grafana folders admin only permission privilege escalation
High
CVE-2022-36062
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API