GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,868 advisories

Silverstripe IE requests not properly behaving with rewritehashlinks Moderate
GHSA-5f5v-5c3v-gw5v was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe Forum Module CSRF Vulnerability Moderate
GHSA-w8fq-xgvh-cxc2 was published for silverstripe/forum (Composer) May 23, 2024
SilverStripe Web Cache Poisoning through HTTPRequestBuilder Moderate
CVE-2019-19326 was published for silverstripe/framework (Composer) May 24, 2022
Silverstripe XSS vulnerability via VirtualPage Moderate
GHSA-r97r-64vp-fghm was published for silverstripe/cms (Composer) May 22, 2024
Silverstripe History XSS Vulnerability Moderate
GHSA-6hh6-59j2-qrxw was published for silverstripe/cms (Composer) May 22, 2024
Shopware Non-Persistent XSS in the Frontend Moderate
GHSA-jqr7-5h7r-ch8p was published for shopware/shopware (Composer) May 21, 2024
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability Moderate
GHSA-6wqp-7g94-f69j was published for sensiolabs/connect (Composer) May 21, 2024
verbb/formie Server-Side Template Injection for variable-enabled settings Moderate
CVE-2024-35191 was published for verbb/formie (Composer) May 20, 2024
Credited to xcapri
AVideo cross-site scripting vulnerability in the view/about.php page Moderate
CVE-2024-34899 was published for wwbn/avideo (Composer) May 20, 2024
Pusher Service Channel Authentication Bypass Moderate
GHSA-7v7m-pcw5-h3cg was published for pusher/pusher-php-server (Composer) May 20, 2024
phpxmlrpc/extra XSS in class documenting_xmlrpc_server Moderate
GHSA-ww6p-q26w-fr6m was published for phpxmlrpc/extras (Composer) May 20, 2024
Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab" Moderate
GHSA-qm5v-pj64-852j was published for passbolt/passbolt_api (Composer) May 20, 2024
Passbolt Api E-mail HTML injection Moderate
GHSA-v86m-j5f7-ccwh was published for passbolt/passbolt_api (Composer) May 20, 2024
OroPlatform Forced Redirect to External Website Moderate
GHSA-3vhm-q4w3-rw8q was published for oro/platform (Composer) May 20, 2024
OroCRM Forced Redirect to External Website Moderate
GHSA-v8hp-239v-9367 was published for oro/crm (Composer) May 20, 2024
Duplicate Advisory: Sylius Cross Site Scripting (XSS) vulnerability Moderate
GHSA-mw82-6m2g-qh6c was published for sylius/sylius (Composer) Apr 22, 2024 withdrawn
onelogin/php-saml signature wrapping attacks Moderate
CVE-2016-1000253 was published for onelogin/php-saml (Composer) May 17, 2024
Privilege Escalation in TYPO3 Neos Moderate
GHSA-43cf-7f3h-38rg was published for neos/neos (Composer) May 17, 2024
Time-Based Information Disclosure Vulnerability in Flow Moderate
GHSA-6pq8-67pw-j6hw was published for neos/flow (Composer) May 17, 2024
Neos Flow Information disclosure in entity security Moderate
GHSA-9cw3-j7wg-jwj8 was published for neos/flow (Composer) May 17, 2024
Neos Flow Arbitrary file upload and XML External Entity processing Moderate
GHSA-5vv7-j593-mgjc was published for neos/flow (Composer) May 17, 2024
Passbolt API is vulnerable to XSS in the url field on the password workspace grid and sidebar Moderate
CVE-2017-1000442 was published for passbolt/passbolt_api (Composer) May 14, 2022
MediaWiki Special:UserRights exposes the existence of hidden users Moderate
CVE-2020-25813 was published for mediawiki/core (Composer) May 24, 2022
MediaWiki Cross-site Scripting (XSS) vulnerability Moderate
CVE-2020-25815 was published for mediawiki/core (Composer) May 24, 2022
MediaWiki Cross-site Scripting (XSS) vulnerability Moderate
CVE-2020-25828 was published for mediawiki/core (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API