GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem:
Composer 5,000+; Erlang 39; GitHub Actions 38; Go 2,680; Maven 5,000+; npm 4,300; NuGet 760; pip 4,078; Pub 12; RubyGems 958; Rust 1,061; Swift 45
Unreviewed advisories (all unreviewed): 5,000+

2,868 advisories

State Guessing Vulnerability in laravel/socialite
Moderate. GHSA-7fjv-25q9-2w88 was published for laravel/socialite (Composer) on May 15, 2024

Laravel Guard bypass in Eloquent models
Moderate. GHSA-44pg-c29v-hp6r was published for laravel/framework (Composer) on May 15, 2024

Laravel Cross-site Scripting (XSS) vulnerability in blade templating
Moderate. GHSA-vr95-p7q6-8m9q was published for laravel/framework (Composer) on May 15, 2024

Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
Moderate. GHSA-7852-w36x-6mf6 was published for laravel/framework (Composer) on May 15, 2024

Laravel Hijacked authentication cookies vulnerability
Moderate. GHSA-p62r-7637-3wwc was published for laravel/framework (Composer) on May 15, 2024

Laravel Risk of mass-assignment vulnerabilities
Moderate. GHSA-rj3w-99gc-8j58 was published for laravel/framework (Composer) on May 15, 2024

Read private customer data reclaiming carts in Klaviyo Magento
Moderate. GHSA-hvgw-gg3p-295j was published for klaviyo/magento2-extension (Composer) on May 15, 2024

Laravel Cross-site Scripting vulnerability in blade templating
Moderate. GHSA-297g-xg4h-7w4c was published for illuminate/view (Composer) on May 15, 2024

Laravel Risk of mass-assignment vulnerabilities
Moderate. GHSA-cc2w-ghc5-m5qr was published for illuminate/database (Composer) on May 15, 2024

Laravel Hijacked authentication cookies vulnerability
Moderate. GHSA-q4xf-7fw5-4x8v was published for illuminate/auth (Composer) on May 15, 2024

fuel/core Crypt encryption compromised.
Moderate. GHSA-fgrx-4637-fcf5 was published for fuel/core (Composer) on May 15, 2024

FOSUserBundle User Identity Validation Vulnerability
Moderate. GHSA-8wx3-8m4x-g5h4 was published for friendsofsymfony/user-bundle (Composer) on May 15, 2024

FOSUserBundle Entropy is lost in the TokenGenerator
Moderate. GHSA-pjx8-984p-7p3x was published for friendsofsymfony/user-bundle (Composer) on May 15, 2024

FOSRestBundle issue with broken validation of JSONP callbacks
Moderate. GHSA-p9fg-j6ww-953m was published for friendsofsymfony/rest-bundle (Composer) on May 15, 2024

friendsofsymfony/oauth2-php open redirection in oauth
Moderate. GHSA-xm3x-4ph3-3x9c was published for friendsofsymfony/oauth2-php (Composer) on May 15, 2024

eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)
Moderate. GHSA-w9p3-26fx-5mp3 was published for ezsystems/platform-ui-assets-bundle (Composer) on May 15, 2024

Ez Platform Object Injection in legacy shop module
Moderate. GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024

Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate. GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024

eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
Moderate. GHSA-2vh3-cj9j-mcj5 was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024

eZ Platform Prevent accepting app.php in URL in Platform.sh
Moderate. GHSA-qhjc-hg94-245v was published for ezsystems/ezplatform (Composer) on May 15, 2024

eZ Platform REST API returns list of all SiteAccesses
Moderate. GHSA-9wwx-c723-vm8x was published for ezsystems/ezpublish-kernel (Composer) on May 15, 2024

eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Moderate. GHSA-6xch-2vxx-5pvr was published for ezsystems/ezplatform (Composer) on May 15, 2024

eZ Platform Editor Cross-site Scripting (XSS)
Moderate. GHSA-4c2w-v5rq-5mx7 was published for ezsystems/ezplatform-admin-ui-assets (Composer) on May 15, 2024

eZ Platform Bundled jQuery affected by CVE-2019-11358
Moderate. GHSA-jrpw-8884-2747 was published for ezsystems/ezplatform-admin-ui-assets (Composer) on May 15, 2024

ezsystems/ez-support-tools Failing access control in system info view
Moderate. GHSA-xmp3-7745-g4vj was published for ezsystems/ez-support-tools (Composer) on May 15, 2024

ProTip! Advisories are also available from the GraphQL API.