Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

62 advisories

Moodle ReCAPTCHA can be bypassed on the login page Moderate
CVE-2024-34009 was published for moodle/moodle (Composer) May 31, 2024
Moodle broken access control when setting calendar event type Moderate
CVE-2024-33996 was published for moodle/moodle (Composer) May 31, 2024
TYPO3 Brute Force Protection Bypass in backend login Moderate
GHSA-jqr8-q455-xx45 was published for typo3/cms (Composer) May 30, 2024
Symfony has unsafe methods in the Request class Moderate
CVE-2015-2309 was published for symfony/http-foundation (Composer) May 30, 2024
Symfony has a security issue when parsing the Authorization header Moderate
CVE-2014-6061 was published for symfony/http-foundation (Composer) May 30, 2024
silverstripe/framework uploaded PHP script execution in assets Moderate
GHSA-f43j-8hq4-2xj9 was published for silverstripe/framework (Composer) May 27, 2024
Laravel Guard bypass in Eloquent models Moderate
GHSA-44pg-c29v-hp6r was published for laravel/framework (Composer) May 15, 2024
Laravel Risk of mass-assignment vulnerabilities Moderate
GHSA-rj3w-99gc-8j58 was published for laravel/framework (Composer) May 15, 2024
Laravel Risk of mass-assignment vulnerabilities Moderate
GHSA-cc2w-ghc5-m5qr was published for illuminate/database (Composer) May 15, 2024
class.upload.php allows cross-site scripting attacks via uploaded files Moderate
CVE-2023-6551 was published for verot/class.upload.php (Composer) Jan 4, 2024
Denial of service caused by infinite recursion when parsing SVG images Moderate
CVE-2023-50262 was published for dompdf/dompdf (Composer) Dec 13, 2023
cod3beat
Prevent injection of invalid entity ids for "autocomplete" fields Moderate
CVE-2023-41336 was published for symfony/ux-autocomplete (Composer) Sep 11, 2023
janklan
PrestaShop file deletion via CustomerMessage Moderate
CVE-2023-39530 was published for prestashop/prestashop (Composer) Aug 9, 2023
kto94
PrestaShop file deletion via attachment API Moderate
CVE-2023-39529 was published for prestashop/prestashop (Composer) Aug 9, 2023
kto94
omeka/omeka-s Improper Input Validation vulnerability Moderate
CVE-2023-4157 was published for omeka/omeka-s (Composer) Aug 4, 2023
Pimcore vulnerable to Business Logic Errors via Customer automation rules Moderate
CVE-2023-32075 was published for pimcore/customer-management-framework-bundle (Composer) May 11, 2023
khanhchauminh
Firefly III vulnerable to improper input validation Moderate
CVE-2023-1789 was published for grumpydictator/firefly-iii (Composer) Apr 1, 2023
phpMyFAQ vulnerable to improper input validation Moderate
CVE-2023-1754 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Moodle arbitrary file read vulnerability Moderate
CVE-2023-28330 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle Improper Input Validation vulnerability Moderate
CVE-2021-36402 was published for moodle/moodle (Composer) Mar 7, 2023
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
Magento Improper input validation vulnerability Moderate
CVE-2021-28585 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API