GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18,765 advisories

Drupal core Open Redirect vulnerability Moderate
GHSA-6gf6-24h2-66j4 was published for drupal/core (Composer) May 15, 2024
Drupal core uses a vulnerable Third-party library CKEditor Moderate
GHSA-v273-j5hq-26xp was published for drupal/core (Composer) May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar High
GHSA-98h9-727m-44qv was published for drupal/core (Composer) May 15, 2024
Drupal core Access bypass Moderate
GHSA-mh4h-27gq-cxwj was published for drupal/core (Composer) May 15, 2024
Drupal core unrestricted file upload Moderate
GHSA-7gwj-7fhm-vw4w was published for drupal/core (Composer) May 15, 2024
Drupal core Denial of Service Moderate
GHSA-pr99-c33p-fwf6 was published for drupal/core (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-7v68-3pr5-h3cr was published for drupal/core (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-6mgp-v5cm-ghg5 was published for drupal/core (Composer) May 15, 2024
Drupal Anonymous Open Redirect Moderate
GHSA-gfvf-2f25-f34r was published for drupal/core (Composer) May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect Moderate
GHSA-7f4f-p7mq-p4fv was published for drupal/core (Composer) May 15, 2024
Drupal Content moderation Access bypass Moderate
GHSA-f84q-mgj9-8jfc was published for drupal/core (Composer) May 15, 2024
doctrine/orm Regression in Query Parenthesis can have Security Implications High
GHSA-vjrg-wpm8-rhrw was published for doctrine/orm (Composer) May 15, 2024
Doctrine SQL injection vulnerability Critical
GHSA-6q9v-4hq6-5m67 was published for doctrine/orm (Composer) May 15, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
doctrine/doctrine-module zero-valued authentication credentials vulnerability Moderate
GHSA-9wv8-3h8h-x2wc was published for doctrine/doctrine-module (Composer) May 15, 2024
Doctrine DBAL SQL injection possibility High
GHSA-76w8-mqx4-wjrf was published for doctrine/dbal (Composer) May 15, 2024
datadog/dd-trace Circumvents open_basedir INI directive Low
GHSA-qvgg-r6rq-vwfx was published for datadog/dd-trace (Composer) May 15, 2024
contao/core PHP object injection vulnerability allows for arbitrary code execution High
GHSA-wq43-8r5p-w3mc was published for contao/core (Composer) May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution Critical
GHSA-wxxw-5gq6-j2g5 was published for contao/core (Composer) May 15, 2024
Bonitasoft Runtime Community edition contains an insecure direct object references vulnerability Moderate
CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
codeigniter/framework SQL injection in ODBC database driver Critical
GHSA-27qr-636m-wxg2 was published for codeigniter/framework (Composer) May 15, 2024
Inadequate XSS Prevention in CodeIgniter/Framework Security Library Moderate
GHSA-q9j3-4ghj-6h57 was published for codeigniter/framework (Composer) May 15, 2024
OpenCFP Framework (Sentry) Account takeover via null password reset codes High
GHSA-2m5g-8xpw-42vp was published for cartalyst/sentry (Composer) May 15, 2024
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction High
GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) May 15, 2024
Denial of Service in extension "Code Highlight" (codehighlight) Moderate
GHSA-4cv2-xc5f-px8h was published for brotkrueml/codehighlight (Composer) May 15, 2024