GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,440
Erlang
29
GitHub Actions
16
Go
1,667
Maven
4,928
npm
3,457
NuGet
595
pip
2,871
Pub
10
RubyGems
823
Rust
766
Swift
34
Unreviewed advisories
All unreviewed
5,000+
91 advisories
Filter by severity
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder
Moderate
CVE-2024-28861
was published
for
friendsofsymfony1/symfony1
(Composer)
Mar 22, 2024
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Moderate
CVE-2024-28859
was published
for
friendsofsymfony1/swiftmailer
(Composer)
Mar 18, 2024
Shopware's session is persistent in Cache for 404 pages
Critical
CVE-2024-27917
was published
for
shopware/platform
(Composer)
Mar 6, 2024
Sulu grants access to pages regardless of role permissions
Moderate
CVE-2024-27915
was published
for
sulu/sulu
(Composer)
Mar 4, 2024
OroPlatform vulnerable to path traversal during temporary file manipulations
High
CVE-2022-41951
was published
for
oro/platform
(Composer)
Nov 27, 2023
Symfony potential Cross-site Scripting in WebhookController
Moderate
CVE-2023-46735
was published
for
symfony/symfony
(Composer)
Nov 12, 2023
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Moderate
CVE-2023-46734
was published
for
symfony/symfony
(Composer)
Nov 12, 2023
Symfony possible session fixation vulnerability
Moderate
CVE-2023-46733
was published
for
symfony/security-http
(Composer)
Nov 12, 2023
Cachet vulnerable to Authenticated Remote Code Execution
Critical
CVE-2023-43661
was published
for
cachethq/cachet
(Composer)
Oct 16, 2023
Prevent injection of invalid entity ids for "autocomplete" fields
Moderate
CVE-2023-41336
was published
for
symfony/ux-autocomplete
(Composer)
Sep 11, 2023
Sulu Observable Response Discrepancy on Admin Login
Moderate
CVE-2023-39343
was published
for
sulu/sulu
(Composer)
Aug 3, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters
High
CVE-2023-34252
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
PHAR deserialization allowing remote code execution
Critical
CVE-2023-28115
was published
for
knplabs/knp-snappy
(Composer)
Mar 17, 2023
Symfony storing cookie headers in HttpCache
Moderate
CVE-2022-24894
was published
for
symfony/http-kernel
(Composer)
Feb 1, 2023
Symfony vulnerable to Session Fixation of CSRF tokens
Moderate
CVE-2022-24895
was published
for
symfony/security-bundle
(Composer)
Feb 1, 2023
symfont/process typosquatting malware spoofs symfony/process
High
GHSA-g3j5-mpp2-2fqm
was published
for
symfont/process
(Composer)
Jan 26, 2023
httparty has multipart/form-data request tampering vulnerability
Moderate
CVE-2024-22049
was published
for
httparty
(RubyGems)
Jan 3, 2023
Twig may load a template outside a configured directory when using the filesystem loader
High
CVE-2022-39261
was published
for
twig/twig
(Composer)
Sep 30, 2022
** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search...
Moderate
Unreviewed
CVE-2019-20058
was published
May 24, 2022
Symfony Incorrect Access Control
Critical
CVE-2017-11365
was published
for
symfony/security
(Composer)
May 24, 2022
Symfony Access Control Vulnerability
Moderate
CVE-2012-6432
was published
for
symfony/symfony
(Composer)
May 17, 2022
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Moderate
CVE-2012-6431
was published
for
symfony/http-foundation
(Composer)
May 17, 2022
FriendsOfSymfony FOSUserBundle denial of service via login form
Moderate
CVE-2013-5750
was published
for
friendsofsymfony/user-bundle
(Composer)
May 17, 2022
Symfony Denial of Service Via Long Password Hashing
Moderate
CVE-2013-5958
was published
for
symfony/polyfill
(Composer)
May 17, 2022
Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in...
Moderate
Unreviewed
CVE-2014-100021
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API