GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,160 advisories
Filter by severity
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low
Unreviewed
CVE-2024-37253
was published
Jul 9, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Low
Unreviewed
CVE-2024-37442
was published
Jul 9, 2024
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this...
Moderate
Unreviewed
CVE-2024-6470
was published
Jul 3, 2024
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this...
Moderate
Unreviewed
CVE-2024-6469
was published
Jul 3, 2024
Soft Circle French-Bread Melty Blood: Actress Again: Current Code through 1.07 Rev. 1.4.0 allows...
Critical
Unreviewed
CVE-2024-39704
was published
Jul 3, 2024
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language)...
Critical
Unreviewed
CVE-2024-37759
was published
Jun 24, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Moderate
Unreviewed
CVE-2024-35680
was published
Jun 10, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Moderate
Unreviewed
CVE-2024-35728
was published
Jun 10, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical
GHSA-x86x-qhf8-f37w
was published
for
willdurand/js-translation-bundle
(Composer)
Jun 7, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter
High
GHSA-cxf7-m5g2-v594
was published
for
zendframework/zend-mail
(Composer)
Jun 7, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Moderate
GHSA-gff2-p6vm-3p8g
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
ZendFramework Potential Proxy Injection Vulnerabilities
Moderate
GHSA-mg7h-9qfx-4r83
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
High
GHSA-jq87-2wxp-8349
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service...
Moderate
Unreviewed
CVE-2024-5184
was published
Jun 5, 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'...
Moderate
Unreviewed
CVE-2023-23738
was published
Jun 4, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Critical
GHSA-cc97-g92w-jm65
was published
for
typo3/cms-core
(Composer)
May 30, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
Moderate
GHSA-g5vj-wj9x-4jg9
was published
for
symbiote/silverstripe-multivaluefield
(Composer)
May 29, 2024
SimpleSAMLphp Link Injection vulnerability
Moderate
GHSA-v858-922f-fj9v
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
silverstripe/framework code execution vulnerability
High
GHSA-vgxh-x8jv-hmff
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework CSV Excel Macro Injection
High
GHSA-mqjc-x563-c9q8
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Ghost allows CSV Injection during member CSV export
High
CVE-2024-34448
was published
for
@tryghost/members-csv
(npm)
May 22, 2024
NASA AIT-Core vulnerable to remote code execution
Critical
CVE-2024-35059
was published
for
ait-core
(pip)
May 21, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-7336-ghhp-f2qj
was published
for
shopware/shopware
(Composer)
May 21, 2024
Shopware Remote Code Execution Vulnerability
Critical
GHSA-q3g4-2vw9-xv27
was published
for
shopware/shopware
(Composer)
May 21, 2024
Pusher Service Channel Authentication Bypass
Moderate
GHSA-7v7m-pcw5-h3cg
was published
for
pusher/pusher-php-server
(Composer)
May 20, 2024
ProTip!
Advisories are also available from the
GraphQL API