GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,980
Erlang
29
GitHub Actions
16
Go
1,769
Maven
4,994
npm
3,540
NuGet
616
pip
3,112
Pub
10
RubyGems
837
Rust
787
Swift
34
Unreviewed advisories
All unreviewed
5,000+
16 advisories
Filter by severity
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
High
CVE-2014-6072
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy
High
CVE-2014-5245
was published
for
symfony/http-kernel
(Composer)
May 30, 2024
Symfony vulnerable to denial of service via a malicious HTTP Host header
High
CVE-2014-5244
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle
High
CVE-2014-4931
was published
for
symfony/framework-bundle
(Composer)
May 30, 2024
jQuery File Upload Plugin Unrestricted file upload vulnerability
High
CVE-2014-8739
was published
for
blueimp/jquery-file-upload
(Composer)
May 17, 2022
Smarty arbitrary PHP code execution
High
CVE-2014-8350
was published
for
smarty/smarty
(Composer)
May 17, 2022
Yii PHP Framework arbitrary PHP scripts execution
High
CVE-2014-4672
was published
for
yiisoft/yii
(Composer)
May 17, 2022
getID3 is vulnerable to XML External Entity (XXE)
High
CVE-2014-2053
was published
for
james-heinrich/getid3
(Composer)
May 17, 2022
PHP OpenID Library Denial of Service vulnerability
High
CVE-2013-4701
was published
for
openid/php-openid
(Composer)
May 17, 2022
DOMPDF Remote Code Execution
High
CVE-2014-5013
was published
for
dompdf/dompdf
(Composer)
May 17, 2022
Moodle vulnerable to PHP object injection attacks
High
CVE-2014-3541
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Temporary Passwords are Brute Force-able
High
CVE-2014-7845
was published
for
moodle/moodle
(Composer)
May 13, 2022
Pimcore Vulnerable to PHP Object Injection Attacks
High
CVE-2014-2921
was published
for
pimcore/pimcore
(Composer)
May 17, 2022
Typo3 Vulnerable to Cache Poisoning
High
CVE-2014-9509
was published
for
typo3/cms
(Composer)
May 17, 2022
MAGMI plugin for Magento Unsafe File Upload
High
CVE-2014-8770
was published
for
dweeves/magmi
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API