Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

6,608 advisories

TYPO3 frontend login vulnerable to Session Fixation High
GHSA-r9vc-jfmh-6j48 was published for typo3/cms (Composer) May 30, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts High
GHSA-4r76-xr68-w7m7 was published for typo3/cms (Composer) May 30, 2024
TYPO3 possible cache poisoning on the homepage when anchors are used High
GHSA-p84g-j2gh-83g3 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library High
GHSA-45xg-4w5x-j429 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Possible Insecure Deserialization in Extbase Request Handling High
GHSA-5h5v-m596-r6rf was published for typo3/cms-core (Composer) May 30, 2024
mysql2 vulnerable to Prototype Pollution High
CVE-2024-21512 was published for mysql2 (npm) May 30, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API High
GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Security Misconfiguration in Frontend Session Handling High
GHSA-82vp-jr39-4j2j was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Arbitrary Code Execution via File List Module High
GHSA-f9hr-7cfq-mjg2 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Security Misconfiguration for Backend User Accounts High
GHSA-rxc9-f2x6-qh4w was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Denial of Service in Frontend Record Registration High
GHSA-hjx5-v9xg-7h25 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Security Misconfiguration in Install Tool Cookie High
GHSA-ppvg-hw62-6ph9 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 CMS Insecure Deserialization High
GHSA-96jg-pmc4-cx39 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 CMS Privilege Escalation and SQL Injection High
GHSA-45wj-jv2h-jwrf was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 CMS Authentication Bypass vulnerability High
GHSA-x4rj-f7m6-42c3 was published for typo3/cms-core (Composer) May 30, 2024
Thelia authentication bypass vulnerability High
GHSA-g8pg-33v4-9r96 was published for thelia/thelia (Composer) May 30, 2024
symfony/validator XML Entity Expansion vulnerability High
GHSA-4vf2-qfg3-7598 was published for symfony/validator (Composer) May 30, 2024
symfony/translation XML Entity Expansion vulnerability High
GHSA-f75p-x5vm-83qp was published for symfony/translation (Composer) May 30, 2024
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler High
CVE-2014-6072 was published for symfony/symfony (Composer) May 30, 2024
Symfony XML Entity Expansion security vulnerability High
GHSA-q2gc-gg3x-7942 was published for symfony/symfony (Composer) May 30, 2024
Symfony XXE security vulnerability High
GHSA-rjpm-qmq7-q85w was published for symfony/routing (Composer) May 30, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy High
CVE-2014-5245 was published for symfony/http-kernel (Composer) May 30, 2024
Symfony vulnerable to denial of service via a malicious HTTP Host header High
CVE-2014-5244 was published for symfony/http-foundation (Composer) May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle High
CVE-2014-4931 was published for symfony/framework-bundle (Composer) May 30, 2024
Symfony XML Entity Expansion security vulnerability High
GHSA-c636-cg5r-2498 was published for symfony/dependency-injection (Composer) May 29, 2024
ProTip! Advisories are also available from the GraphQL API