GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,045 advisories

silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework SQL injection in full text search High
GHSA-xx4r-5265-48j6 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework CSV Excel Macro Injection High
GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms High
GHSA-7m2v-x7rg-5hm5 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session High
GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) May 27, 2024
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe SiteTree Creation Permission Vulnerability High
GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option High
GHSA-9phw-7h96-q3rv was published for scheb/two-factor-bundle (Composer) May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token High
GHSA-h6mp-mc7g-mg49 was published for scheb/two-factor-bundle (Composer) May 21, 2024
robrichards/xmlseclibs XPath injection High
GHSA-2g98-f9jv-w8c5 was published for robrichards/xmlseclibs (Composer) May 20, 2024
Passbolt API Stored XSS on first/last name during setup High
GHSA-2f46-4xjm-73x5 was published for passbolt/passbolt_api (Composer) May 20, 2024
Passbolt Api Remote code execution High
GHSA-cv5c-2qv5-w2m2 was published for passbolt/passbolt_api (Composer) May 20, 2024
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values High
GHSA-r2r8-36pq-27cm was published for nzo/url-encryptor-bundle (Composer) May 17, 2024
Cross-site Scripting vulnerabilities in Neos High
GHSA-6cj3-rc4p-f38f was published for neos/neos (Composer) May 17, 2024
Neos Information Disclosure Security Note High
GHSA-3c5g-73f7-grvm was published for neos/neos (Composer) May 17, 2024
namshi/jose insecure JSON Web Signatures (JWS) High
GHSA-hxhc-wmg8-xrqf was published for namshi/jose (Composer) May 17, 2024
laravel framework SQL Injection via limit and offset functions High
GHSA-wq8p-mqvg-2p5h was published for laravel/framework (Composer) May 15, 2024
laravel framework Unexpected database bindings via requests High
GHSA-jwvj-pwww-3mj5 was published for laravel/framework (Composer) May 15, 2024
Laravel Cookie serialization vulnerability High
GHSA-6jvx-8ch9-j2jr was published for laravel/framework (Composer) May 15, 2024
Laravel Cookie serialization vulnerability High
GHSA-2867-6rrm-38gr was published for illuminate/cookie (Composer) May 15, 2024
gregwar/rst Local File Inclusion Vulnerability High
GHSA-2gq2-m628-33xp was published for gregwar/rst (Composer) May 15, 2024
fuel/core ImageMagick driver does not escape all shell arguments. High
GHSA-26hp-cgjj-m2j3 was published for fuel/core (Composer) May 15, 2024
FOSUserBundle Session Hijacking Vulnerability High
GHSA-6mjq-9x4w-m3w9 was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
eZ Platform User data disclosure High
GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) May 15, 2024
EZsystems Remote code execution in file uploads High
GHSA-9895-26wr-4fgv was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024