Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

6,740 advisories

Loading
Symfony XML Entity Expansion security vulnerability High
GHSA-c636-cg5r-2498 was published for symfony/dependency-injection (Composer) May 29, 2024
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag High
CVE-2024-35226 was published for smarty/smarty (Composer) May 29, 2024
TrixterTheTux
ansibleguy-webui Cross-site Scripting vulnerability High
CVE-2024-36110 was published for ansibleguy-webui (pip) May 28, 2024
ntrampham ansibleguy
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source) High
GHSA-xc69-p8fc-m6m5 was published for silverstripe/subsites (Composer) May 28, 2024
silverstripe/taxonomy SQL Injection vulnerability High
GHSA-p2v5-xcqm-4fv6 was published for silverstripe/taxonomy (Composer) May 28, 2024
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter High
CVE-2024-35231 was published for rack-contrib (RubyGems) May 28, 2024
Sim4n6 ioquatix
OpenAPI Generator Online - Arbitrary File Read/Delete High
CVE-2024-35219 was published for org.openapitools:openapi-generator-online (Maven) May 28, 2024
stefan-schiller-sonarsource
silverstripe/graphql Cross-Site Request Forgery vulnerability High
GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) May 28, 2024
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector High
GHSA-265q-222x-52m6 was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework has possible denial of service attack vector when flushing High
GHSA-cwgq-83w5-8jfq was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework allows upload of dangerous file types High
GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework code execution vulnerability High
GHSA-vgxh-x8jv-hmff was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework SQL injection in full text search High
GHSA-xx4r-5265-48j6 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework CSV Excel Macro Injection High
GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms High
GHSA-7m2v-x7rg-5hm5 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session High
GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) May 27, 2024
Soot Infinite Loop vulnerability High
CVE-2023-46442 was published for org.soot-oss:soot (Maven) May 24, 2024
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe SiteTree Creation Permission Vulnerability High
GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024
Ghost allows CSV Injection during member CSV export High
CVE-2024-34448 was published for @tryghost/members-csv (npm) May 22, 2024
gix traversal outside working tree enables arbitrary code execution High
CVE-2024-35186 was published for gitoxide (Rust) May 22, 2024
EliahKagan Byron
NASA AIT-Core uses unencrypted channels to exchange data over the network High
CVE-2024-35061 was published for ait-core (pip) May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option High
GHSA-9phw-7h96-q3rv was published for scheb/two-factor-bundle (Composer) May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token High
GHSA-h6mp-mc7g-mg49 was published for scheb/two-factor-bundle (Composer) May 21, 2024
ProTip! Advisories are also available from the GraphQL API