GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,470
Erlang
33
GitHub Actions
23
Go
2,172
Maven
5,000+
npm
3,833
NuGet
696
pip
3,508
Pub
12
RubyGems
910
Rust
908
Swift
38
Unreviewed advisories
All unreviewed
5,000+
228 advisories
Filter by severity
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Typo3 Information Disclosure in Page Tree
Low
GHSA-h934-f4m4-wc8x
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Information Disclosure in TYPO3 CMS
Low
GHSA-c7p6-3c9c-f88q
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Password confirmation stored in plain text via registration form in statamic/cms
Low
CVE-2024-36119
was published
for
statamic/cms
(Composer)
Jun 2, 2024
silverstripe/framework sends passwords back to browsers under some circumstances
Low
GHSA-vh7q-j8p5-2h4h
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low
GHSA-5r8w-66hq-rc39
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework password encryption salt not updated
Low
GHSA-f3wp-xpv2-6vmg
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Silverstripe admin XSS Vulnerability via WYSIWYG editor
Low
GHSA-779c-7w4p-2c4g
was published
for
silverstripe/admin
(Composer)
May 22, 2024
Passbolt Api Retrieval of HTTP-only cookies
Low
GHSA-f5pp-pmq8-gp46
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
random_compat Uses insecure CSPRNG
Low
GHSA-3fmq-x9q6-wm39
was published
for
paragonie/random_compat
(Composer)
May 17, 2024
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Low
GHSA-9wrw-p9rm-r782
was published
for
onelogin/php-saml
(Composer)
May 17, 2024
Insecure deserialize Vulnerability in FLOW3
Low
GHSA-7h74-7vcw-4mwp
was published
for
neos/flow
(Composer)
May 17, 2024
Monolog Header injection in NativeMailerHandler
Low
GHSA-f57v-q966-7fh6
was published
for
monolog/monolog
(Composer)
May 15, 2024
Laravel Encrypter Failure to decryption vulnerability
Low
GHSA-6wjw-qf87-fv5v
was published
for
illuminate/encryption
(Composer)
May 15, 2024
datadog/dd-trace Circumvents open_basedir INI directive
Low
GHSA-qvgg-r6rq-vwfx
was published
for
datadog/dd-trace
(Composer)
May 15, 2024
TYPO3 vulnerable to an HTML Injection in the History Module
Low
CVE-2024-34355
was published
for
typo3/cms-core
(Composer)
May 14, 2024
Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page
Low
GHSA-qvwg-c35p-rqhj
was published
for
wwbn/avideo
(Composer)
May 14, 2024
•
withdrawn
Kimai information disclosure vulnerability
Low
CVE-2024-4596
was published
for
kimai/kimai
(Composer)
May 7, 2024
Contao: Unencoded insert tags in the frontend
Low
CVE-2024-28191
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Concrete CMS Stored XSS in blocks of type file
Low
CVE-2024-3180
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Search Field
Low
CVE-2024-3181
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Low
CVE-2024-3178
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Custom Class page editing
Low
CVE-2024-3179
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS on the calendar color settings screen
Low
CVE-2024-2753
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
RosarioSIS cross site scripting vulnerability
Low
CVE-2024-3138
was published
for
francoisjacquet/rosariosis
(Composer)
Apr 2, 2024
ProTip!
Advisories are also available from the
GraphQL API