Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

4,077 advisories

Loading
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
Mautic has insufficient authentication in upgrade flow High
CVE-2022-25770 was published for mautic/core (Composer) Sep 19, 2024
Mautic has an XSS in contact tracking and page hits report High
CVE-2021-27917 was published for mautic/core (Composer) Sep 18, 2024
patrykgruszka lenonleite
escopecz
Mautic has insufficient authentication in upgrade flow High
CVE-2024-47051 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) Low
CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024
lenonleite escopecz
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin patrykgruszka
lenonleite escopecz
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped High
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
Mautic: MST-48 Server-Side Request Forgery in Asset section Moderate
CVE-2022-25777 was published for mautic/core (Composer) Apr 12, 2024
lenonleite
Mautic Sensitive Data Exposure due to inadequate user permission settings High
CVE-2022-25776 was published for mautic/core (Composer) Apr 12, 2024
lenonleite
Mautic SQL Injection in dynamic Reports Moderate
CVE-2022-25775 was published for mautic/core (Composer) Apr 12, 2024
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards Moderate
CVE-2022-25774 was published for mautic/core (Composer) Apr 12, 2024
Vautia
Contao affected by directory traversal in the file selector widget Moderate
CVE-2024-45604 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content Moderate
CVE-2024-45803 was published for wireui/wireui (Composer) Sep 17, 2024
sharathdn1 PH7-Jack
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
Contao affected by remote command execution through file upload High
CVE-2024-45398 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block Moderate
CVE-2024-8660 was published for concrete5/concrete5 (Composer) Sep 17, 2024
powermail TYPO3 extension has Insecure Direct Object Reference Moderate
CVE-2024-47047 was published for in2code/powermail (Composer) Sep 17, 2024
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
Kimai has an XXE Leading to Local File Read Moderate
GHSA-534c-hcr7-67jg was published for kimai/kimai (Composer) Sep 17, 2024
ixSly
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
Mautic vulnerable to stored cross-site scripting in description field High
CVE-2021-27915 was published for mautic/core (Composer) Apr 11, 2024
Concrete CMS Stored XSS in the "Next&Previous Nav" block Moderate
CVE-2024-8661 was published for concrete5/concrete5 (Composer) Sep 16, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-39412 was published for magento/community-edition (Composer) Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability Moderate
CVE-2024-39410 was published for magento/community-edition (Composer) Aug 14, 2024
ProTip! Advisories are also available from the GraphQL API