GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,883 advisories
SimpleSAMLphp allows timing side-channel attacks
Moderate: CVE-2017-12872 was published for simplesamlphp/simplesamlphp (Composer) on May 14, 2022

Authentication bypass in SilverStripe GraphQL
Moderate: CVE-2020-26136 was published for silverstripe/graphql (Composer) on Jun 10, 2021

Silverstripe has Incorrect Default Permissions
Moderate: CVE-2020-6165 was published for silverstripe/graphql (Composer) on May 24, 2022

Ability to expose data in Sylius by using an unintended serialisation group
Moderate: CVE-2020-5220 was published for sylius/resource-bundle (Composer) on Jan 31, 2020

Incorrect signature verification in SimpleSAMLphp
Moderate: CVE-2016-9955 was published for simplesamlphp/simplesamlphp (Composer) on Jan 24, 2020

FormField with square brackets in field name skips validation
Moderate: CVE-2020-26138 was published for silverstripe/framework (Composer) on Mar 26, 2022

Silverstripe CMS XSS Vulnerability
Moderate: CVE-2020-9311 was published for silverstripe/cms (Composer) on May 24, 2022

SilverStripe Versioned Files module Unpublished files are exposed publicly
Moderate: CVE-2019-16409 was published for silverstripe/framework (Composer) on Nov 12, 2019

SabreDAV Directory Traversal vulnerability
Moderate: CVE-2013-1939 was published for sabre/dav (Composer) on May 14, 2022

Open Redirect in AllTube
Moderate: CVE-2022-0692 was published for rudloff/alltube (Composer) on Feb 23, 2022

Form validation can be skipped
Moderate: CVE-2021-32697 was published for neos/form (Composer) on Jun 22, 2021

XSS vulnerability on password reset page
Moderate: CVE-2021-27909 was published for mautic/core (Composer) on Sep 1, 2021

Cross-site Scripting in Semantic MediaWiki
Moderate: CVE-2022-48614 was published for mediawiki/semantic-media-wiki (Composer) on Dec 10, 2023

Test code in published microsoft-graph-core package exposes phpinfo()
Moderate: CVE-2023-49283 was published for microsoft/microsoft-graph-core (Composer) on Dec 5, 2023

Test code in published microsoft-graph package exposes phpinfo()
Moderate: CVE-2023-49282 was published for microsoft/microsoft-graph (Composer) on Dec 5, 2023

Symfony Open Redirect
Moderate: CVE-2017-16652 was published for symfony/security (Composer) on May 14, 2022

Symfony Open Redirect
Moderate: CVE-2018-11408 was published for symfony/security-bundle (Composer) on May 14, 2022

Symfony CSRF Vulnerability
Moderate: CVE-2017-16653 was published for symfony/security (Composer) on May 13, 2022

Symfony DoS
Moderate: CVE-2018-11386 was published for symfony/http-foundation (Composer) on May 14, 2022

Session fixation in change password form
Moderate: CVE-2019-12203 was published for silverstripe/framework (Composer) on Nov 12, 2019

TYPO3 is vulnerable to Spam Abuse in the native form content element
Moderate: CVE-2010-3667 was published for typo3/cms-frontend (Composer) on Apr 21, 2022

TYPO3 is vulnerable to Information Disclosure on the backend
Moderate: CVE-2010-3664 was published for typo3/cms-backend (Composer) on Apr 21, 2022

TYPO3 is vulnerable to Insecure randomness in uniqid function
Moderate: CVE-2010-3666 was published for typo3/cms-install (Composer) on Apr 21, 2022

TYPO3 Open Redirection vulnerability on the backend
Moderate: CVE-2010-3661 was published for typo3/cms-backend (Composer) on Apr 21, 2022

TYPO3 is vulnerable to Cross-Site Scripting (XSS) on the backend
Moderate: CVE-2010-3660 was published for typo3/cms-backend (Composer) on Apr 21, 2022
ProTip! Advisories are also available from the GraphQL API.