GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+
1,291 advisories
Filter by severity
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
High
GHSA-r2r8-36pq-27cm
was published
for
nzo/url-encryptor-bundle
(Composer)
May 17, 2024
Cross-site Scripting vulnerabilities in Neos
High
GHSA-6cj3-rc4p-f38f
was published
for
neos/neos
(Composer)
May 17, 2024
Neos Information Disclosure Security Note
High
GHSA-3c5g-73f7-grvm
was published
for
neos/neos
(Composer)
May 17, 2024
namshi/jose insecure JSON Web Signatures (JWS)
High
GHSA-hxhc-wmg8-xrqf
was published
for
namshi/jose
(Composer)
May 17, 2024
laravel framework SQL Injection via limit and offset functions
High
GHSA-wq8p-mqvg-2p5h
was published
for
laravel/framework
(Composer)
May 15, 2024
laravel framework Unexpected database bindings via requests
High
GHSA-jwvj-pwww-3mj5
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Cookie serialization vulnerability
High
GHSA-6jvx-8ch9-j2jr
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Cookie serialization vulnerability
High
GHSA-2867-6rrm-38gr
was published
for
illuminate/cookie
(Composer)
May 15, 2024
gregwar/rst Local File Inclusion Vulnerability
High
GHSA-2gq2-m628-33xp
was published
for
gregwar/rst
(Composer)
May 15, 2024
fuel/core ImageMagick driver does not escape all shell arguments.
High
GHSA-26hp-cgjj-m2j3
was published
for
fuel/core
(Composer)
May 15, 2024
FOSUserBundle Session Hijacking Vulnerability
High
GHSA-6mjq-9x4w-m3w9
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
eZ Platform User data disclosure
High
GHSA-3g43-xfrw-pv5m
was published
for
ezsystems/repository-forms
(Composer)
May 15, 2024
EZsystems Remote code execution in file uploads
High
GHSA-9895-26wr-4fgv
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Publish Legacy Passwordless login for LDAP users
High
GHSA-p9mp-vq4v-v5m5
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener
High
GHSA-64vj-933f-6pm3
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
High
GHSA-82rv-45pc-v28w
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Publish Information disclosure in backend content tree menu
High
GHSA-cc2j-92jq-wgjg
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Publish Remote code execution in file uploads
High
GHSA-3vwr-jj4f-h98x
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
eZ Platform CSRF token in login form is disabled by default
High
GHSA-45qm-j4m9-whv9
was published
for
ezsystems/ezplatform
(Composer)
May 15, 2024
eZ Platform Admin UI Password reset vulnerability
High
GHSA-hfpp-2vhw-qq43
was published
for
ezsystems/ezplatform-user
(Composer)
May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener
High
GHSA-2w9p-xxqr-h253
was published
for
ezsystems/ezplatform-kernel
(Composer)
May 15, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability
High
GHSA-q73v-79x3-jv2w
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
May 15, 2024
eZ Platform Password reset vulnerability
High
GHSA-cg84-55jx-4237
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
May 15, 2024
Cross-site Scripting in eZFind spellcheck
High
GHSA-9cq2-pcgr-8h62
was published
for
ezsystems/ezfind-ls
(Composer)
May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
High
GHSA-jq9q-6p42-qpr7
was published
for
ezsystems/ezdemo-ls-extension
(Composer)
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API