GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
6,706 advisories
Filter by severity
silverstripe/taxonomy SQL Injection vulnerability
High
GHSA-p2v5-xcqm-4fv6
was published
for
silverstripe/taxonomy
(Composer)
May 28, 2024
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
High
CVE-2024-35231
was published
for
rack-contrib
(RubyGems)
May 28, 2024
OpenAPI Generator Online - Arbitrary File Read/Delete
High
CVE-2024-35219
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 28, 2024
silverstripe/graphql Cross-Site Request Forgery vulnerability
High
GHSA-wjg9-v8cf-f5q2
was published
for
silverstripe/graphql
(Composer)
May 28, 2024
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
High
GHSA-265q-222x-52m6
was published
for
silverstripe/framework
(Composer)
May 28, 2024
silverstripe/framework has possible denial of service attack vector when flushing
High
GHSA-cwgq-83w5-8jfq
was published
for
silverstripe/framework
(Composer)
May 28, 2024
silverstripe/framework allows upload of dangerous file types
High
GHSA-vcg6-8fxc-x5cq
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework code execution vulnerability
High
GHSA-vgxh-x8jv-hmff
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework BackURL validation bypass with malformed URLs
High
GHSA-m5q3-mvcr-gc5m
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework SQL injection in full text search
High
GHSA-xx4r-5265-48j6
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework CSV Excel Macro Injection
High
GHSA-mqjc-x563-c9q8
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
High
GHSA-7m2v-x7rg-5hm5
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session
High
GHSA-4qx8-j9vh-2628
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Soot Infinite Loop vulnerability
High
CVE-2023-46442
was published
for
org.soot-oss:soot
(Maven)
May 24, 2024
Pug allows JavaScript code execution if an application accepts untrusted input
High
CVE-2024-36361
was published
for
pug
(npm)
May 24, 2024
Silverstripe X-Forwarded-Host request hostname injection
High
GHSA-25gq-jvx2-vg9x
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe SiteTree Creation Permission Vulnerability
High
GHSA-3mm9-2p44-rw39
was published
for
silverstripe/cms
(Composer)
May 22, 2024
Ghost allows CSV Injection during member CSV export
High
CVE-2024-34448
was published
for
@tryghost/members-csv
(npm)
May 22, 2024
gix traversal outside working tree enables arbitrary code execution
High
CVE-2024-35186
was published
for
gitoxide
(Rust)
May 22, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
High
GHSA-9phw-7h96-q3rv
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
High
GHSA-h6mp-mc7g-mg49
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
@fastify/session reuses destroyed session cookie
High
CVE-2024-35220
was published
for
@fastify/session
(npm)
May 21, 2024
json-schema-ref-parser Prototype Pollution issue
High
CVE-2024-29651
was published
for
@apidevtools/json-schema-ref-parser
(npm)
May 20, 2024
robrichards/xmlseclibs XPath injection
High
GHSA-2g98-f9jv-w8c5
was published
for
robrichards/xmlseclibs
(Composer)
May 20, 2024
ProTip!
Advisories are also available from the
GraphQL API