GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
64 advisories
Filter by severity
Symfony allows changing the environment through a query
Moderate
CVE-2024-50340
was published
for
symfony/runtime
(Composer)
Nov 6, 2024
Magento Open Source Improper Input Validation vulnerability
Moderate
CVE-2024-45117
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Moodle broken access control when setting calendar event type
Moderate
CVE-2024-33996
was published
for
moodle/moodle
(Composer)
May 31, 2024
TYPO3 Brute Force Protection Bypass in backend login
Moderate
GHSA-jqr8-q455-xx45
was published
for
typo3/cms
(Composer)
May 30, 2024
Symfony has unsafe methods in the Request class
Moderate
CVE-2015-2309
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
Symfony has a security issue when parsing the Authorization header
Moderate
CVE-2014-6061
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
silverstripe/framework uploaded PHP script execution in assets
Moderate
GHSA-f43j-8hq4-2xj9
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Laravel Guard bypass in Eloquent models
Moderate
GHSA-44pg-c29v-hp6r
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Risk of mass-assignment vulnerabilities
Moderate
GHSA-rj3w-99gc-8j58
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Risk of mass-assignment vulnerabilities
Moderate
GHSA-cc2w-ghc5-m5qr
was published
for
illuminate/database
(Composer)
May 15, 2024
class.upload.php allows cross-site scripting attacks via uploaded files
Moderate
CVE-2023-6551
was published
for
verot/class.upload.php
(Composer)
Jan 4, 2024
Denial of service caused by infinite recursion when parsing SVG images
Moderate
CVE-2023-50262
was published
for
dompdf/dompdf
(Composer)
Dec 13, 2023
Prevent injection of invalid entity ids for "autocomplete" fields
Moderate
CVE-2023-41336
was published
for
symfony/ux-autocomplete
(Composer)
Sep 11, 2023
PrestaShop file deletion via CustomerMessage
Moderate
CVE-2023-39530
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
PrestaShop file deletion via attachment API
Moderate
CVE-2023-39529
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
omeka/omeka-s Improper Input Validation vulnerability
Moderate
CVE-2023-4157
was published
for
omeka/omeka-s
(Composer)
Aug 4, 2023
Pimcore vulnerable to Business Logic Errors via Customer automation rules
Moderate
CVE-2023-32075
was published
for
pimcore/customer-management-framework-bundle
(Composer)
May 11, 2023
Firefly III vulnerable to improper input validation
Moderate
CVE-2023-1789
was published
for
grumpydictator/firefly-iii
(Composer)
Apr 1, 2023
phpMyFAQ vulnerable to improper input validation
Moderate
CVE-2023-1754
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Moodle arbitrary file read vulnerability
Moderate
CVE-2023-28330
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Moodle Improper Input Validation vulnerability
Moderate
CVE-2021-36402
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Shopware has Improper Input Validation issue in newsletter subscription
Moderate
CVE-2023-22734
was published
for
shopware/core
(Composer)
Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Moderate
CVE-2023-22730
was published
for
shopware/core
(Composer)
Jan 17, 2023
Browsershot version 3.57.3 vulnerable to improper input validation
Moderate
CVE-2022-43984
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
ProTip!
Advisories are also available from the
GraphQL API