GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
6,706 advisories
Filter by severity
TYPO3 CMS Authentication Bypass vulnerability
High
GHSA-x4rj-f7m6-42c3
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 CMS Privilege Escalation and SQL Injection
High
GHSA-45wj-jv2h-jwrf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin
High
CVE-2019-10337
was published
for
org.jenkins-ci.plugins:token-macro
(Maven)
May 24, 2022
TYPO3 CMS Insecure Deserialization
High
GHSA-96jg-pmc4-cx39
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in Install Tool Cookie
High
GHSA-ppvg-hw62-6ph9
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Denial of Service in Frontend Record Registration
High
GHSA-hjx5-v9xg-7h25
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-rxc9-f2x6-qh4w
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Arbitrary Code Execution via File List Module
High
GHSA-f9hr-7cfq-mjg2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in Frontend Session Handling
High
GHSA-82vp-jr39-4j2j
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
High
GHSA-x428-565f-8xj2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
High
GHSA-5h5v-m596-r6rf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library
High
GHSA-45xg-4w5x-j429
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 possible cache poisoning on the homepage when anchors are used
High
GHSA-p84g-j2gh-83g3
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
High
GHSA-4r76-xr68-w7m7
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 frontend login vulnerable to Session Fixation
High
GHSA-r9vc-jfmh-6j48
was published
for
typo3/cms
(Composer)
May 30, 2024
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
High
CVE-2020-7919
was published
for
github.com/helm/helm
(Go)
Jun 23, 2021
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS)
High
CVE-2021-29482
was published
for
github.com/ulikunitz/xz
(Go)
May 25, 2021
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
High
CVE-2024-0056
was published
for
Microsoft.Data.SqlClient
(NuGet)
Jan 9, 2024
Out-of-bounds write in Microsoft.ChakraCore
High
CVE-2019-1141
was published
for
Microsoft.ChakraCore
(NuGet)
Mar 29, 2021
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
High
CVE-2024-35231
was published
for
rack-contrib
(RubyGems)
May 28, 2024
Out-of-bounds write in ChakraCore
High
CVE-2019-1196
was published
for
Microsoft.ChakraCore
(NuGet)
Mar 29, 2021
Vulnerability in Azure Active Directory Authentication Library
High
CVE-2019-1258
was published
for
microsoft.identitymodel.clients.activedirectory
(NuGet)
Aug 16, 2019
ip SSRF improper categorization in isPublic
High
CVE-2024-29415
was published
for
ip
(npm)
Jun 2, 2024
ProTip!
Advisories are also available from the
GraphQL API