GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,045 advisories
Filter by severity
silverstripe/framework BackURL validation bypass with malformed URLs
High
GHSA-m5q3-mvcr-gc5m
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework SQL injection in full text search
High
GHSA-xx4r-5265-48j6
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework CSV Excel Macro Injection
High
GHSA-mqjc-x563-c9q8
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
High
GHSA-7m2v-x7rg-5hm5
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session
High
GHSA-4qx8-j9vh-2628
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Silverstripe X-Forwarded-Host request hostname injection
High
GHSA-25gq-jvx2-vg9x
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe SiteTree Creation Permission Vulnerability
High
GHSA-3mm9-2p44-rw39
was published
for
silverstripe/cms
(Composer)
May 22, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
High
GHSA-9phw-7h96-q3rv
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
High
GHSA-h6mp-mc7g-mg49
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
robrichards/xmlseclibs XPath injection
High
GHSA-2g98-f9jv-w8c5
was published
for
robrichards/xmlseclibs
(Composer)
May 20, 2024
Passbolt API Stored XSS on first/last name during setup
High
GHSA-2f46-4xjm-73x5
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
Passbolt Api Remote code execution
High
GHSA-cv5c-2qv5-w2m2
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
High
GHSA-r2r8-36pq-27cm
was published
for
nzo/url-encryptor-bundle
(Composer)
May 17, 2024
Cross-site Scripting vulnerabilities in Neos
High
GHSA-6cj3-rc4p-f38f
was published
for
neos/neos
(Composer)
May 17, 2024
Neos Information Disclosure Security Note
High
GHSA-3c5g-73f7-grvm
was published
for
neos/neos
(Composer)
May 17, 2024
namshi/jose insecure JSON Web Signatures (JWS)
High
GHSA-hxhc-wmg8-xrqf
was published
for
namshi/jose
(Composer)
May 17, 2024
laravel framework SQL Injection via limit and offset functions
High
GHSA-wq8p-mqvg-2p5h
was published
for
laravel/framework
(Composer)
May 15, 2024
laravel framework Unexpected database bindings via requests
High
GHSA-jwvj-pwww-3mj5
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Cookie serialization vulnerability
High
GHSA-6jvx-8ch9-j2jr
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Cookie serialization vulnerability
High
GHSA-2867-6rrm-38gr
was published
for
illuminate/cookie
(Composer)
May 15, 2024
gregwar/rst Local File Inclusion Vulnerability
High
GHSA-2gq2-m628-33xp
was published
for
gregwar/rst
(Composer)
May 15, 2024
fuel/core ImageMagick driver does not escape all shell arguments.
High
GHSA-26hp-cgjj-m2j3
was published
for
fuel/core
(Composer)
May 15, 2024
FOSUserBundle Session Hijacking Vulnerability
High
GHSA-6mjq-9x4w-m3w9
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
eZ Platform User data disclosure
High
GHSA-3g43-xfrw-pv5m
was published
for
ezsystems/repository-forms
(Composer)
May 15, 2024
EZsystems Remote code execution in file uploads
High
GHSA-9895-26wr-4fgv
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API