GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,411 advisories
Moodle uses the same key for QR login and auto-login
Moderate | CVE-2024-38277 was published for moodle/moodle (Composer) | Jun 18, 2024

Moodle BigBlueButton web service leaks meeting joining information
Moderate | CVE-2024-38273 was published for moodle/moodle (Composer) | Jun 18, 2024

Firefly III has a MFA bypass in oauth flow
Moderate | CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) | Jun 17, 2024

Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Moderate | CVE-2024-34111 was published for magento/community-edition (Composer) | Jun 13, 2024

Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate | CVE-2024-34105 was published for magento/community-edition (Composer) | Jun 13, 2024

Magento Open Source Improper Access Control vulnerability
Moderate | CVE-2024-34107 was published for magento/community-edition (Composer) | Jun 13, 2024

Magento Open Source Incorrect Authorization vulnerability
Moderate | CVE-2024-34106 was published for magento/community-edition (Composer) | Jun 13, 2024

WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Moderate | CVE-2024-37297 was published for woocommerce/woocommerce (Composer) | Jun 12, 2024

ua-parser/uap-php ReDoS vulnerability
Moderate | GHSA-78hm-5hjw-58mh was published for ua-parser/uap-php (Composer) | Jun 7, 2024

Zend-developer-tools information disclosure vulnerability
Moderate | GHSA-qg7m-mwxm-j3h7 was published for zendframework/zend-developer-tools (Composer) | Jun 7, 2024

Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Moderate | GHSA-4vf6-mq7w-3hp6 was published for zendframework/zendframework1 (Composer) | Jun 7, 2024

Zend-Diactoros URL Rewrite vulnerability
Moderate | GHSA-fq4p-86hh-42v9 was published for zendframework/zend-diactoros (Composer) | Jun 7, 2024

Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
Moderate | GHSA-4v57-pwvf-x35j was published for zendframework/zendframework1 (Composer) | Jun 7, 2024

Zend-Form vulnerable to Cross-site Scripting
Moderate | GHSA-gvpp-6jrj-5pqc was published for zendframework/zend-form (Composer) | Jun 7, 2024

Zendframework Potential XSS or HTML Injection vector in Zend_Json
Moderate | GHSA-vvm3-rv48-j3g5 was published for zendframework/zendframework1 (Composer) | Jun 7, 2024

ZendFramework1 Potential Security Issues in Bundled Dojo Library
Moderate | GHSA-w5mj-j45q-m638 was published for zendframework/zendframework1 (Composer) | Jun 7, 2024

ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`
Moderate | GHSA-gwpm-pm6x-h7rj was published for zendframework/zendframework1 (Composer) | Jun 7, 2024

Zend-Session session validation vulnerability
Moderate | GHSA-96c6-m98x-hxjx was published for zendframework/zend-session (Composer) | Jun 7, 2024

ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
Moderate | GHSA-g52p-86j5-xr8q was published for zendframework/zendframework1 (Composer) | Jun 7, 2024

ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings
Moderate | GHSA-hg35-vqp3-fv39 was published for zendframework/zendframework1 (Composer) | Jun 7, 2024

ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`
Moderate | GHSA-j543-vg33-g6vj was published for zendframework/zendframework1 (Composer) | Jun 7, 2024

ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Moderate | GHSA-m7hr-j867-3f34 was published for zendframework/zend-view (Composer) | Jun 7, 2024

Zendframework URL Rewrite vulnerability
Moderate | GHSA-fh7r-58q4-6387 was published for zendframework/zendframework (Composer) | Jun 7, 2024

ZendFramework vulnerable to Cross-site Scripting
Moderate | GHSA-5gmf-3c43-q73v was published for zendframework/zendframework (Composer) | Jun 7, 2024

ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Moderate | GHSA-gff2-p6vm-3p8g was published for zendframework/zendframework (Composer) | Jun 7, 2024

ProTip! Advisories are also available from the GraphQL API