GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,128
Pub
10
RubyGems
838
Rust
792
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,293 advisories
Filter by severity
TYPO3 Cross-Site Scripting in Form Framework validation handling
Moderate
GHSA-95qm-3xp7-vfj5
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Broken Access Control in Import Module
Moderate
GHSA-g776-759r-pf6x
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Backend User Interface
Moderate
GHSA-rv8r-8mh5-5376
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in User Authentication
Moderate
GHSA-wj85-rg5g-v8jm
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Disclosure of Information about Installed Extensions
Moderate
GHSA-p2h4-7fp3-cmh8
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Page Tree
Moderate
GHSA-wvvp-jwf5-qcpc
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in User Session Handling
Moderate
GHSA-xmgr-jff3-fcfv
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Form Framework
Moderate
GHSA-4459-qrcc-vfcf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Language Pack Handling
Moderate
GHSA-76r3-m635-p3vc
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Broken Access Control in Localization Handling
Moderate
GHSA-9rx9-7fmh-gj3g
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Moderate
GHSA-22q7-cg4r-p9mx
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Denial of Service in Online Media Asset Handling
Moderate
GHSA-29m4-mx89-3mjg
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Install Tool
Moderate
GHSA-66c2-7g4p-wx4p
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Frontend User Login
Moderate
GHSA-8c25-vj2w-p72j
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component
Moderate
GHSA-g4c9-qfvw-fmr4
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Moderate
GHSA-wg8h-gxf4-g4gh
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Twig Path Traversal vulnerability in the filesystem loader
Moderate
GHSA-7cvr-xhm5-x998
was published
for
twig/twig
(Composer)
May 30, 2024
Thelia BackOffice default template vulnerable to Cross-site Scripting
Moderate
GHSA-pp7v-wxx9-hm6r
was published
for
thelia/backoffice-default-template
(Composer)
May 30, 2024
Thelia Cross-site Scripting vulnerability in BackOffice
Moderate
GHSA-vq4j-qcx7-ppc6
was published
for
thelia/thelia
(Composer)
May 30, 2024
Symfony2 improper IP based access control
Moderate
GHSA-hx53-jchx-cr52
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony may allow a user to switch to using another user's identity
Moderate
GHSA-7mx2-7q8p-pgmw
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony has unsafe methods in the Request class
Moderate
CVE-2015-2309
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
Symfony has a security issue when parsing the Authorization header
Moderate
CVE-2014-6061
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
Symfony2 security issue when the trust proxy mode is enabled
Moderate
GHSA-vfm6-r2gc-pwww
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
Moderate
GHSA-g5vj-wj9x-4jg9
was published
for
symbiote/silverstripe-multivaluefield
(Composer)
May 29, 2024
ProTip!
Advisories are also available from the
GraphQL API