GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
97 advisories
EC-CUBE vulnerable to authorization bypass
Moderate. CVE-2014-0808 was published for ec-cube/ec-cube (Composer), May 17, 2022

Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
High. CVE-2014-6072 was published for symfony/symfony (Composer), May 30, 2024

Symfony allows direct access of ESI URLs behind a trusted proxy
High. CVE-2014-5245 was published for symfony/http-kernel (Composer), May 30, 2024

Symfony has a security issue when parsing the Authorization header
Moderate. CVE-2014-6061 was published for symfony/http-foundation (Composer), May 30, 2024

Symfony vulnerable to denial of service via a malicious HTTP Host header
High. CVE-2014-5244 was published for symfony/http-foundation (Composer), May 30, 2024

Code injection in the way Symfony implements translation caching in FrameworkBundle
High. CVE-2014-4931 was published for symfony/framework-bundle (Composer), May 30, 2024

DOMPDF Arbitrary File Read
Moderate. CVE-2014-2383 was published for dompdf/dompdf (Composer), May 14, 2022

TYPO3 Improper Session Invalidation
Moderate. CVE-2014-3944 was published for typo3/cms (Composer), May 17, 2022

jQuery File Upload Plugin Unrestricted file upload vulnerability
High. CVE-2014-8739 was published for blueimp/jquery-file-upload (Composer), May 17, 2022

Smarty arbitrary PHP code execution
High. CVE-2014-8350 was published for smarty/smarty (Composer), May 17, 2022

Yii PHP Framework arbitrary PHP scripts execution
High. CVE-2014-4672 was published for yiisoft/yii (Composer), May 17, 2022

Zend Access Restriction Bypass
Moderate. CVE-2014-8088 was published for zendframework/zendframework (Composer), May 17, 2022

getID3 is vulnerable to XML External Entity (XXE)
High. CVE-2014-2053 was published for james-heinrich/getid3 (Composer), May 17, 2022

Zend Framework SQL injection vulnerability
Critical. CVE-2014-8089 was published for zendframework/zend-db (Composer), Apr 23, 2024

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical. CVE-2014-4172 was published for DotNetCasClient (Composer), May 17, 2022

TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms
Moderate. CVE-2010-3659 was published for typo3/cms-backend (Composer), May 17, 2022

Moodle cross-site scripting (XSS) vulnerabilities
Moderate. CVE-2013-7341 was published for moodle/moodle (Composer), May 13, 2022

PHP OpenID Library Denial of Service vulnerability
High. CVE-2013-4701 was published for openid/php-openid (Composer), May 17, 2022

DOMPDF Remote Code Execution
High. CVE-2014-5013 was published for dompdf/dompdf (Composer), May 17, 2022

DOMPDF Information Disclosure
Moderate. CVE-2014-5011 was published for dompdf/dompdf (Composer), May 17, 2022

Typo3 Information Disclosure
Moderate. CVE-2014-3946 was published for typo3/cms (Composer), May 17, 2022

Typo3 Open Redirect In Frontend Rendering
Moderate. CVE-2014-9508 was published for typo3/cms (Composer), May 17, 2022

Typo3 Host Header Spoofing Vulnerability
Moderate. CVE-2014-3941 was published for typo3/cms (Composer), May 14, 2022

ProTip! Advisories are also available from the GraphQL API.