GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,731
Erlang: 29
GitHub Actions: 16
Go: 1,710
Maven: 4,946
npm: 3,474
NuGet: 605
pip: 3,001
Pub: 10
RubyGems: 828
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
18,936 advisories
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
Severity: Moderate. GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) on May 29, 2024.

Sylius Admin Bundle Cross-Site Request Forgery vulnerability
Severity: Moderate. GHSA-945h-6vcv-pc8h was published for sylius/admin-bundle (Composer) on May 29, 2024.

Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Severity: Moderate. GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) on May 29, 2024.

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
Severity: High. CVE-2024-35226 was published for smarty/smarty (Composer) on May 29, 2024.

Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Severity: Moderate. CVE-2024-36112 was published for nautobot (pip) on May 29, 2024.

MinIO information disclosure vulnerability
Severity: Moderate. CVE-2024-36107 was published for github.com/minio/minio (Go) on May 29, 2024.

Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Severity: Low. CVE-2024-34715 was published for ethyca-fides (pip) on May 29, 2024.

Aimeos denial of service vulnerability in SaaS and marketplace setups
Severity: Moderate. GHSA-xjm6-jfmg-qc6p was published for aimeos/aimeos-core (Composer) on May 29, 2024.

Swiftmailer Sendmail transport arbitrary shell execution
Severity: Critical. GHSA-4qpj-gxxg-jqg4 was published for swiftmailer/swiftmailer (Composer) on May 29, 2024.

stormpath/sdk uses Insecure Random Number Generator
Severity: Moderate. GHSA-q8fc-v85f-78pw was published for stormpath/sdk (Composer) on May 29, 2024.

ScnSocialAuth Cross-site Scripting vulnerability in login redirect param
Severity: Moderate. GHSA-g6f5-4w43-2x63 was published for socalnick/scn-social-auth (Composer) on May 29, 2024.

SimpleSAMLphp Information Disclosure vulnerability
Severity: Moderate. GHSA-ppm4-r2vc-pg74 was published for simplesamlphp/simplesamlphp (Composer) on May 28, 2024.

ansibleguy-webui Cross-site Scripting vulnerability
Severity: High. CVE-2024-36110 was published for ansibleguy-webui (pip) on May 28, 2024.

rockhopper Buffer Overflow vulnerability
Severity: Moderate. CVE-2022-4969 was published for rockhopper (pip) on May 28, 2024.

dbt allows Binding to an Unrestricted IP Address via socketsocket
Severity: Moderate. CVE-2024-36105 was published for dbt-core (pip) on May 28, 2024.

Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Severity: Moderate. CVE-2024-35240 was published for Umbraco.Commerce (NuGet) on May 28, 2024.

SimpleSAMLphp Reflected Cross-site Scripting vulnerability
Severity: Moderate. GHSA-vpr3-cw3h-prw8 was published for simplesamlphp/simplesamlphp (Composer) on May 28, 2024.

Umbraco Forms components vulnerable to Stored Cross-site Scripting
Severity: Low. CVE-2024-35239 was published for Umbraco.Forms (NuGet) on May 28, 2024.

Mocodo vulnerable to SQL injection in `/web/generate.php`
Severity: Critical. CVE-2024-35374 was published for mocodo (pip) on May 28, 2024.

SimpleSAMLphp signature validation bypass
Severity: Critical. GHSA-fjr2-r2mp-484p was published for simplesamlphp/simplesamlphp (Composer) on May 28, 2024.

SimpleSAMLphp exposes credentials in session storage
Severity: Moderate. GHSA-7wh8-jrq7-p27f was published for simplesamlphp/simplesamlphp (Composer) on May 28, 2024.

SimpleSAMLphp Link Injection vulnerability
Severity: Moderate. GHSA-v858-922f-fj9v was published for simplesamlphp/simplesamlphp (Composer) on May 28, 2024.

silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
Severity: High. GHSA-xc69-p8fc-m6m5 was published for silverstripe/subsites (Composer) on May 28, 2024.

silverstripe/taxonomy SQL Injection vulnerability
Severity: High. GHSA-p2v5-xcqm-4fv6 was published for silverstripe/taxonomy (Composer) on May 28, 2024.

silverstripe/userforms file upload exposure on UserForms module
Severity: Moderate. GHSA-55pp-293f-3365 was published for silverstripe/userforms (Composer) on May 28, 2024.
ProTip! Advisories are also available from the GraphQL API.