Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,045 advisories

eZ Publish Legacy Passwordless login for LDAP users High
GHSA-p9mp-vq4v-v5m5 was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities High
GHSA-82rv-45pc-v28w was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Publish Information disclosure in backend content tree menu High
GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Publish Remote code execution in file uploads High
GHSA-3vwr-jj4f-h98x was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Platform CSRF token in login form is disabled by default High
GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) May 15, 2024
eZ Platform Admin UI Password reset vulnerability High
GHSA-hfpp-2vhw-qq43 was published for ezsystems/ezplatform-user (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-2w9p-xxqr-h253 was published for ezsystems/ezplatform-kernel (Composer) May 15, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability High
GHSA-q73v-79x3-jv2w was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
eZ Platform Password reset vulnerability High
GHSA-cg84-55jx-4237 was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
Cross-site Scripting in eZFind spellcheck High
GHSA-9cq2-pcgr-8h62 was published for ezsystems/ezfind-ls (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-jq9q-6p42-qpr7 was published for ezsystems/ezdemo-ls-extension (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-8c85-4rr5-chr4 was published for ezsystems/demobundle (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-j66p-fvp2-fxhj was published for drupal/drupal (Composer) May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar High
GHSA-m9fv-whq2-6wmc was published for drupal/drupal (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar High
GHSA-98h9-727m-44qv was published for drupal/core (Composer) May 15, 2024
doctrine/orm Regression in Query Parenthesis can have Security Implications High
GHSA-vjrg-wpm8-rhrw was published for doctrine/orm (Composer) May 15, 2024
Doctrine DBAL SQL injection possibility High
GHSA-76w8-mqx4-wjrf was published for doctrine/dbal (Composer) May 15, 2024
contao/core PHP object injection vulnerability allows for arbitrary code execution High
GHSA-wq43-8r5p-w3mc was published for contao/core (Composer) May 15, 2024
OpenCFP Framework (Sentry) Account takeover via null password reset codes High
GHSA-2m5g-8xpw-42vp was published for cartalyst/sentry (Composer) May 15, 2024
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction High
GHSA-pgj4-g5j4-cmfx was published for cart2quote/module-quotation-encoded (Composer) May 15, 2024
easyadmin-extension-bundle action case insensitivity High
GHSA-32rx-xvvr-4xv9 was published for alterphp/easyadmin-extension-bundle (Composer) May 15, 2024
pygmentize Remote Code Execution High
GHSA-77mv-mp2j-gxxh was published for 3f/pygmentize (Composer) May 15, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover High
CVE-2024-34082 was published for getgrav/grav (Composer) May 15, 2024
richighimi
ProTip! Advisories are also available from the GraphQL API