Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,113 advisories

Loading
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Moodle HTTP authorization header is preserved between "emulated redirects" High
CVE-2024-38275 was published for moodle/moodle (Composer) Jun 18, 2024
Snipe-IT allows users to promote or demote themselves or other users High
CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024
Magento Open Source Improper Authentication vulnerability High
CVE-2024-34103 was published for magento/community-edition (Composer) Jun 13, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-34104 was published for magento/community-edition (Composer) Jun 13, 2024
Composer has a command injection via malicious git branch name High
CVE-2024-35241 was published for composer/composer (Composer) Jun 10, 2024
martinhaunschmid
Composer has multiple command injections via malicious git/hg branch names High
CVE-2024-35242 was published for composer/composer (Composer) Jun 10, 2024
haqpl
nukeviet Deserialization of Untrusted Data vulnerability High
CVE-2024-36528 was published for nukeviet/nukeviet (Composer) Jun 10, 2024
zfr authentication adapter did not verify validity of tokens High
GHSA-rcm4-jv5g-wccm was published for zfr/zfr-oauth2-server-module (Composer) Jun 7, 2024
ZendOpenID potential security issue in login mechanism High
GHSA-3x57-m5p4-rgh4 was published for zendframework/zendopenid (Composer) Jun 7, 2024
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability High
GHSA-848f-mph5-9pm9 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework1 Potential Insufficient Entropy Vulnerability High
GHSA-8xhv-gqm4-3w99 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability High
GHSA-mg4x-prh7-g4mx was published for zendframework/zend-captcha (Composer) Jun 7, 2024
Zendframework potential security issue in login mechanism High
GHSA-9v78-h226-2rmq was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Adminer file disclosure vulnerability High
GHSA-97h7-mf38-g9mf was published for vrana/adminer (Composer) Jun 7, 2024
Zend-Navigation vulnerable to Cross-site Scripting High
GHSA-6v7p-5qcq-268c was published for zendframework/zend-navigation (Composer) Jun 7, 2024
Zend-Feed URL Rewrite vulnerability High
GHSA-jmmp-vh96-78rm was published for zendframework/zend-feed (Composer) Jun 7, 2024
Zend-HTTP URL Rewrite vulnerability High
GHSA-cg8w-5jrc-675g was published for zendframework/zend-http (Composer) Jun 7, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc High
GHSA-229x-22xc-2f2w was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework Denial of Service vector via XEE injection High
GHSA-2jx7-xg83-j2m7 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Duplicate Advisory: aimeos-core arbitrary file upload vulnerability High
CVE-2024-36811 was published for aimeos/aimeos-core (Composer) Jun 7, 2024 withdrawn
aimeos
Zend-Mail remote code execution in zend-mail via Sendmail adapter High
GHSA-cxf7-m5g2-v594 was published for zendframework/zend-mail (Composer) Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors High
GHSA-4j9x-g4x8-vcmf was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()` High
GHSA-hx3m-959f-v849 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations High
GHSA-x2f4-8wxf-w3vf was published for zendframework/zendframework (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database