Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

476 advisories

Loading
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack Critical
GHSA-q3jm-v27q-jfww was published for titon/framework (Composer) May 30, 2024
terminal42/contao-tablelookupwizard possible SQL injection in widget field value Critical
GHSA-7fpj-wc8v-9cgc was published for terminal42/contao-tablelookupwizard (Composer) May 30, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-mmcv-fvq8-r9x3 was published for symfony/symfony (Composer) May 30, 2024
Symfony XML decoding attack vector through external entities Critical
GHSA-j68w-pg49-f6vx was published for symfony/serializer (Composer) May 30, 2024
Swiftmailer Sendmail transport arbitrary shell execution Critical
GHSA-4qpj-gxxg-jqg4 was published for swiftmailer/swiftmailer (Composer) May 29, 2024
SimpleSAMLphp signature validation bypass Critical
GHSA-fjr2-r2mp-484p was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
Silverstripe Brute force bypass on default admin Critical
GHSA-8v6m-7f5v-hhx6 was published for silverstripe/framework (Composer) May 23, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25738 was published for vufind/vufind (Composer) May 22, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25737 was published for vufind/vufind (Composer) May 22, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-83jv-4prm-34g7 was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-7336-ghhp-f2qj was published for shopware/shopware (Composer) May 21, 2024
Shopware Remote Code Execution Vulnerability Critical
GHSA-q3g4-2vw9-xv27 was published for shopware/shopware (Composer) May 21, 2024
propel/propel1 SQL injection possible with limit() on MySQL Critical
GHSA-7g7c-qhf3-x59p was published for propel/propel1 (Composer) May 20, 2024
Propel2 SQL injection possible with limit() on MySQL Critical
GHSA-7vw7-qx38-37vr was published for propel/propel (Composer) May 20, 2024
Flow Swift Mailer package Remote code execution Critical
GHSA-rq6q-hjvh-5mwh was published for neos/swiftmailer (Composer) May 17, 2024
namshi/jose - Verification bypass Critical
GHSA-4rr6-gf59-ggw5 was published for namshi/jose (Composer) May 17, 2024
Magento RCE,XSS and other vulnerabilities Critical
GHSA-8j7c-682x-r9f2 was published for magento/community-edition (Composer) May 15, 2024
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities Critical
GHSA-5gmh-85x8-5cx7 was published for magento/community-edition (Composer) May 15, 2024
Magento Open Source Security Advisory: Patch SUPEE-10975 Critical
GHSA-cv25-3pxr-4q7x was published for magento/community-edition (Composer) May 15, 2024
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability Critical
GHSA-26hq-7286-mg8f was published for magento/community-edition (Composer) May 15, 2024
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities Critical
GHSA-6wm4-3rjj-c8xx was published for magento/community-edition (Composer) May 15, 2024
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities Critical
GHSA-prpf-cj87-hwvr was published for magento/community-edition (Composer) May 15, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-qm5c-m76r-2hfr was published for laravel/framework (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API