GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
Moodle ReCAPTCHA can be bypassed on the login page
Moderate
CVE-2024-34009
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle broken access control when setting calendar event type
Moderate
CVE-2024-33996
was published
for
moodle/moodle
(Composer)
May 31, 2024
TYPO3 Brute Force Protection Bypass in backend login
Moderate
GHSA-jqr8-q455-xx45
was published
for
typo3/cms
(Composer)
May 30, 2024
Symfony has unsafe methods in the Request class
Moderate
CVE-2015-2309
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
Symfony has a security issue when parsing the Authorization header
Moderate
CVE-2014-6061
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
silverstripe/framework uploaded PHP script execution in assets
Moderate
GHSA-f43j-8hq4-2xj9
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Laravel Guard bypass in Eloquent models
Moderate
GHSA-44pg-c29v-hp6r
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Risk of mass-assignment vulnerabilities
Moderate
GHSA-rj3w-99gc-8j58
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Risk of mass-assignment vulnerabilities
Moderate
GHSA-cc2w-ghc5-m5qr
was published
for
illuminate/database
(Composer)
May 15, 2024
class.upload.php allows cross-site scripting attacks via uploaded files
Moderate
CVE-2023-6551
was published
for
verot/class.upload.php
(Composer)
Jan 4, 2024
Denial of service caused by infinite recursion when parsing SVG images
Moderate
CVE-2023-50262
was published
for
dompdf/dompdf
(Composer)
Dec 13, 2023
Prevent injection of invalid entity ids for "autocomplete" fields
Moderate
CVE-2023-41336
was published
for
symfony/ux-autocomplete
(Composer)
Sep 11, 2023
PrestaShop file deletion via CustomerMessage
Moderate
CVE-2023-39530
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
PrestaShop file deletion via attachment API
Moderate
CVE-2023-39529
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
omeka/omeka-s Improper Input Validation vulnerability
Moderate
CVE-2023-4157
was published
for
omeka/omeka-s
(Composer)
Aug 4, 2023
Pimcore vulnerable to Business Logic Errors via Customer automation rules
Moderate
CVE-2023-32075
was published
for
pimcore/customer-management-framework-bundle
(Composer)
May 11, 2023
Firefly III vulnerable to improper input validation
Moderate
CVE-2023-1789
was published
for
grumpydictator/firefly-iii
(Composer)
Apr 1, 2023
phpMyFAQ vulnerable to improper input validation
Moderate
CVE-2023-1754
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Moodle arbitrary file read vulnerability
Moderate
CVE-2023-28330
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Moodle Improper Input Validation vulnerability
Moderate
CVE-2021-36402
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Shopware has Improper Input Validation issue in newsletter subscription
Moderate
CVE-2023-22734
was published
for
shopware/core
(Composer)
Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Moderate
CVE-2023-22730
was published
for
shopware/core
(Composer)
Jan 17, 2023
Browsershot version 3.57.3 vulnerable to improper input validation
Moderate
CVE-2022-43984
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Moderate
CVE-2022-36032
was published
for
react/http
(Composer)
Sep 16, 2022
Magento Improper input validation vulnerability
Moderate
CVE-2021-28585
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API