GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,284 advisories
Filter by severity
SimpleSAMLphp Link Injection vulnerability
Moderate
GHSA-v858-922f-fj9v
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
silverstripe/userforms file upload exposure on UserForms module
Moderate
GHSA-55pp-293f-3365
was published
for
silverstripe/userforms
(Composer)
May 28, 2024
formwork Cross-site scripting vulnerability in Markdown fields
Moderate
CVE-2024-35621
was published
for
getformwork/formwork
(Composer)
May 28, 2024
silverstripe/framework may disclose database credentials during connection failure
Moderate
GHSA-m2hh-2m46-x6j5
was published
for
silverstripe/framework
(Composer)
May 28, 2024
silverstripe/framework vulnerable to member disclosure in login form
Moderate
GHSA-crr3-h4m8-7f56
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework uploaded PHP script execution in assets
Moderate
GHSA-f43j-8hq4-2xj9
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Moderate
GHSA-r3pr-fh25-wrfc
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework Privilege Escalation Risk in Member Edit form
Moderate
GHSA-xpff-c35g-j3cr
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Moderate
GHSA-55qg-6c4m-mw6g
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Moderate
GHSA-ph62-fv59-vf9h
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Moderate
GHSA-c4c3-j73v-634r
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage
Moderate
GHSA-pp7q-6j3f-74vj
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
Moderate
GHSA-r85g-7jpv-8xrx
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework has Cross-site Scripting vulnerability in page name
Moderate
GHSA-hhvj-mcrx-3vcf
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework member disclosure in login form
Moderate
GHSA-g84q-cq55-xwgp
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
Moderate
GHSA-468j-6jrc-2rjx
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's `Member.Name` is not escaped
Moderate
GHSA-r9vp-fp72-xgf7
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework missing ACL on reports
Moderate
GHSA-52cx-hpc5-cxwc
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Moderate
GHSA-p5h2-vr99-xm99
was published
for
silverstripe/framework
(Composer)
May 27, 2024
SilverStripe comments module includes version of jQuery vulnerable to Cross-site Scripting
Moderate
GHSA-frm9-7pm9-5rgc
was published
for
silverstripe/comments
(Composer)
May 27, 2024
PHP Server Monitor vulnerable to Cross-site Scripting
Moderate
CVE-2024-5312
was published
for
phpservermon/phpservermon
(Composer)
May 24, 2024
silverstripe/framework ReadOnly transformation for formfields exploitable
Moderate
GHSA-97jm-g33h-f46g
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter
Moderate
GHSA-mpqj-f4v3-334h
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe Missing CSRF protection in login form
Moderate
GHSA-vj2j-6g3w-4662
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Silverstripe XSS in CMS Edit Page
Moderate
GHSA-m8v7-x398-pxrf
was published
for
silverstripe/framework
(Composer)
May 23, 2024
ProTip!
Advisories are also available from the
GraphQL API