Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
Browsershot Improper Input Validation vulnerability High
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
Adminer file disclosure vulnerability High
GHSA-97h7-mf38-g9mf was published for vrana/adminer (Composer) Jun 7, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments High
CVE-2024-34002 was published for moodle/moodle (Composer) May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments High
CVE-2024-34005 was published for moodle/moodle (Composer) May 31, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy High
CVE-2014-5245 was published for symfony/http-kernel (Composer) May 30, 2024
eZ Platform User data disclosure High
GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) May 15, 2024
eZ Publish Information disclosure in backend content tree menu High
GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Contao: Possible cookie sharing with external domains while checking protected pages for broken links High
CVE-2024-28235 was published for contao/core-bundle (Composer) Apr 9, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method High
CVE-2023-48122 was published for microweber/microweber (Composer) Dec 8, 2023
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2023-3819 was published for pimcore/pimcore (Composer) Jul 21, 2023
dkarlovi
TeamPass information exposure vulnerability High
CVE-2023-3553 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase High
CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023
MHC03 christianmeller
Dolibarr vulnerable to unauthenticated database access High
CVE-2023-33568 was published for dolibarr/dolibarr (Composer) Jun 13, 2023
RosarioSIS Improper Access Control vulnerability High
CVE-2023-0994 was published for francoisjacquet/rosariosis (Composer) Feb 24, 2023
Codiad information disclosure vulnerability High
CVE-2017-20178 was published for codiad/codiad (Composer) Feb 21, 2023
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
ezplatform-graphql GraphQL queries can expose password hashes High
CVE-2022-41876 was published for ezsystems/ezplatform-graphql (Composer) Nov 10, 2022
tranca
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Change in port should be considered a change in origin High
CVE-2022-31091 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin High
CVE-2022-31090 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade High
CVE-2022-31042 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell am0o0
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell
Cross-domain cookie leakage in Guzzle High
CVE-2022-29248 was published for guzzlehttp/guzzle (Composer) May 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database