GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,781 advisories

TYPO3 Cross-Site Scripting in Frontend User Login Moderate
GHSA-8c25-vj2w-p72j was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component Moderate
GHSA-g4c9-qfvw-fmr4 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering Moderate
GHSA-wg8h-gxf4-g4gh was published for typo3/cms-core (Composer) May 30, 2024
Twig Path Traversal vulnerability in the filesystem loader Moderate
GHSA-7cvr-xhm5-x998 was published for twig/twig (Composer) May 30, 2024
Thelia BackOffice default template vulnerable to Cross-site Scripting Moderate
GHSA-pp7v-wxx9-hm6r was published for thelia/backoffice-default-template (Composer) May 30, 2024
Thelia Cross-site Scripting vulnerability in BackOffice Moderate
GHSA-vq4j-qcx7-ppc6 was published for thelia/thelia (Composer) May 30, 2024
Symfony2 improper IP based access control Moderate
GHSA-hx53-jchx-cr52 was published for symfony/symfony (Composer) May 30, 2024
Symfony may allow a user to switch to using another user's identity Moderate
GHSA-7mx2-7q8p-pgmw was published for symfony/symfony (Composer) May 30, 2024
Symfony has unsafe methods in the Request class Moderate
CVE-2015-2309 was published for symfony/http-foundation (Composer) May 30, 2024
Symfony has a security issue when parsing the Authorization header Moderate
CVE-2014-6061 was published for symfony/http-foundation (Composer) May 30, 2024
Symfony2 security issue when the trust proxy mode is enabled Moderate
GHSA-vfm6-r2gc-pwww was published for symfony/http-foundation (Composer) May 30, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension Moderate
GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) May 29, 2024
Sylius Admin Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-945h-6vcv-pc8h was published for sylius/admin-bundle (Composer) May 29, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) May 29, 2024
Aimeos denial of service vulnerability in SaaS and marketplace setups Moderate
CVE-2024-37294 was published for aimeos/aimeos-core (Composer) May 29, 2024
ssshah2131
stormpath/sdk uses Insecure Random Number Generator Moderate
GHSA-q8fc-v85f-78pw was published for stormpath/sdk (Composer) May 29, 2024
ScnSocialAuth Cross-site Scripting vulnerability in login redirect param Moderate
GHSA-g6f5-4w43-2x63 was published for socalnick/scn-social-auth (Composer) May 29, 2024
SimpleSAMLphp Information Disclosure vulnerability Moderate
GHSA-ppm4-r2vc-pg74 was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
SimpleSAMLphp Reflected Cross-site Scripting vulnerability Moderate
GHSA-vpr3-cw3h-prw8 was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
SimpleSAMLphp exposes credentials in session storage Moderate
GHSA-7wh8-jrq7-p27f was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
SimpleSAMLphp Link Injection vulnerability Moderate
GHSA-v858-922f-fj9v was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
silverstripe/userforms file upload exposure on UserForms module Moderate
GHSA-55pp-293f-3365 was published for silverstripe/userforms (Composer) May 28, 2024
formwork Cross-site scripting vulnerability in Markdown fields Moderate
CVE-2024-35621 was published for getformwork/formwork (Composer) May 28, 2024
Kyokito1412
silverstripe/framework may disclose database credentials during connection failure Moderate
GHSA-m2hh-2m46-x6j5 was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework vulnerable to member disclosure in login form Moderate
GHSA-crr3-h4m8-7f56 was published for silverstripe/framework (Composer) May 27, 2024
ProTip! Advisories are also available from the GraphQL API