GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,122
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,020
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
2,781 advisories
Data Leakage Vulnerability in livewire/livewire
Severity: Moderate. GHSA-qwvp-268g-jjm8 was published for livewire/livewire (Composer) on May 15, 2024.

Magento Cross-Site Scripting (XSS) vulnerability
Severity: Moderate. GHSA-mcfc-67vm-j568 was published for magento/community-edition (Composer) on May 15, 2024.

Neos Flow Arbitrary file upload and XML External Entity processing
Severity: Moderate. GHSA-5vv7-j593-mgjc was published for neos/flow (Composer) on May 17, 2024.

Neos Flow Information disclosure in entity security
Severity: Moderate. GHSA-9cw3-j7wg-jwj8 was published for neos/flow (Composer) on May 17, 2024.

Time-Based Information Disclosure Vulnerability in Flow
Severity: Moderate. GHSA-6pq8-67pw-j6hw was published for neos/flow (Composer) on May 17, 2024.

Privilege Escalation in TYPO3 Neos
Severity: Moderate. GHSA-43cf-7f3h-38rg was published for neos/neos (Composer) on May 17, 2024.

onelogin/php-saml signature wrapping attacks
Severity: Moderate. CVE-2016-1000253 was published for onelogin/php-saml (Composer) on May 17, 2024.

OroCRM Forced Redirect to External Website
Severity: Moderate. GHSA-v8hp-239v-9367 was published for oro/crm (Composer) on May 20, 2024.

OroPlatform Forced Redirect to External Website
Severity: Moderate. GHSA-3vhm-q4w3-rw8q was published for oro/platform (Composer) on May 20, 2024.

Passbolt Api E-mail HTML injection
Severity: Moderate. GHSA-v86m-j5f7-ccwh was published for passbolt/passbolt_api (Composer) on May 20, 2024.

Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"
Severity: Moderate. GHSA-qm5v-pj64-852j was published for passbolt/passbolt_api (Composer) on May 20, 2024.

phpxmlrpc/extra XSS in class documenting_xmlrpc_server
Severity: Moderate. GHSA-ww6p-q26w-fr6m was published for phpxmlrpc/extras (Composer) on May 20, 2024.

Pusher Service Channel Authentication Bypass
Severity: Moderate. GHSA-7v7m-pcw5-h3cg was published for pusher/pusher-php-server (Composer) on May 20, 2024.

AVideo cross-site scripting vulnerability in the view/about.php page
Severity: Moderate. CVE-2024-34899 was published for wwbn/avideo (Composer) on May 20, 2024.

verbb/formie Server-Side Template Injection for variable-enabled settings
Severity: Moderate. CVE-2024-35191 was published for verbb/formie (Composer) on May 20, 2024.

sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Severity: Moderate. GHSA-6wqp-7g94-f69j was published for sensiolabs/connect (Composer) on May 21, 2024.

Shopware Non-Persistent XSS in the Frontend
Severity: Moderate. GHSA-jqr7-5h7r-ch8p was published for shopware/shopware (Composer) on May 21, 2024.

Silverstripe History XSS Vulnerability
Severity: Moderate. GHSA-6hh6-59j2-qrxw was published for silverstripe/cms (Composer) on May 22, 2024.

Silverstripe XSS vulnerability via VirtualPage
Severity: Moderate. GHSA-r97r-64vp-fghm was published for silverstripe/cms (Composer) on May 22, 2024.

Silverstripe Forum Module CSRF Vulnerability
Severity: Moderate. GHSA-w8fq-xgvh-cxc2 was published for silverstripe/forum (Composer) on May 23, 2024.

Silverstripe IE requests not properly behaving with rewritehashlinks
Severity: Moderate. GHSA-5f5v-5c3v-gw5v was published for silverstripe/framework (Composer) on May 23, 2024.

SilverStripe framework XML Quadratic Blowup Attack
Severity: Moderate. GHSA-g43w-98wp-m694 was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
Severity: Moderate. GHSA-r32j-mr8p-hfp8 was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe XSS In GridField print
Severity: Moderate. GHSA-88jp-9jrv-6368 was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe XSS In rewritten hash links
Severity: Moderate. GHSA-34q6-xqxh-gq39 was published for silverstripe/framework (Composer) on May 23, 2024.

ProTip! Advisories are also available from the GraphQL API.