GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,873 advisories
Filter by severity
friendsofsymfony/oauth2-php open redirection in oauth
Moderate
GHSA-xm3x-4ph3-3x9c
was published
for
friendsofsymfony/oauth2-php
(Composer)
May 15, 2024
firebase/php-jwt: "None" Algorithm treated as valid on tokens
Critical
GHSA-h533-5v22-8vcp
was published
for
firebase/php-jwt
(Composer)
May 15, 2024
eZ Platform User data disclosure
High
GHSA-3g43-xfrw-pv5m
was published
for
ezsystems/repository-forms
(Composer)
May 15, 2024
eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)
Moderate
GHSA-w9p3-26fx-5mp3
was published
for
ezsystems/platform-ui-assets-bundle
(Composer)
May 15, 2024
Ez Platform Object Injection in legacy shop module
Moderate
GHSA-39j2-4p9j-5w4j
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
EZsystems Remote code execution in file uploads
High
GHSA-9895-26wr-4fgv
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Stakater Forecastle has a directory traversal vulnerability
High
CVE-2023-40297
was published
for
github.com/stakater/Forecastle
(Go)
May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate
GHSA-pqjm-xcp8-wgmm
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Publish Legacy Passwordless login for LDAP users
High
GHSA-p9mp-vq4v-v5m5
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
Moderate
GHSA-2vh3-cj9j-mcj5
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener
High
GHSA-64vj-933f-6pm3
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
High
GHSA-82rv-45pc-v28w
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Publish Information disclosure in backend content tree menu
High
GHSA-cc2j-92jq-wgjg
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Publish Remote code execution in file uploads
High
GHSA-3vwr-jj4f-h98x
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
eZ Platform Prevent accepting app.php in URL in Platform.sh
Moderate
GHSA-qhjc-hg94-245v
was published
for
ezsystems/ezplatform
(Composer)
May 15, 2024
eZ Platform REST API returns list of all SiteAccesses
Moderate
GHSA-9wwx-c723-vm8x
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Moderate
GHSA-6xch-2vxx-5pvr
was published
for
ezsystems/ezplatform
(Composer)
May 15, 2024
eZ Platform CSRF token in login form is disabled by default
High
GHSA-45qm-j4m9-whv9
was published
for
ezsystems/ezplatform
(Composer)
May 15, 2024
eZ Platform Admin UI Password reset vulnerability
High
GHSA-hfpp-2vhw-qq43
was published
for
ezsystems/ezplatform-user
(Composer)
May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener
High
GHSA-2w9p-xxqr-h253
was published
for
ezsystems/ezplatform-kernel
(Composer)
May 15, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability
High
GHSA-q73v-79x3-jv2w
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
May 15, 2024
eZ Platform Password reset vulnerability
High
GHSA-cg84-55jx-4237
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
May 15, 2024
eZ Platform Editor Cross-site Scripting (XSS)
Moderate
GHSA-4c2w-v5rq-5mx7
was published
for
ezsystems/ezplatform-admin-ui-assets
(Composer)
May 15, 2024
eZ Platform Bundled jQuery affected by CVE-2019-11358
Moderate
GHSA-jrpw-8884-2747
was published
for
ezsystems/ezplatform-admin-ui-assets
(Composer)
May 15, 2024
Cross-site Scripting in eZFind spellcheck
High
GHSA-9cq2-pcgr-8h62
was published
for
ezsystems/ezfind-ls
(Composer)
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API