Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Adminer file disclosure vulnerability High
GHSA-97h7-mf38-g9mf was published for vrana/adminer (Composer) Jun 7, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy High
CVE-2014-5245 was published for symfony/http-kernel (Composer) May 30, 2024
eZ Platform User data disclosure High
GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) May 15, 2024
eZ Publish Information disclosure in backend content tree menu High
GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Contao: Possible cookie sharing with external domains while checking protected pages for broken links High
CVE-2024-28235 was published for contao/core-bundle (Composer) Apr 9, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method High
CVE-2023-48122 was published for microweber/microweber (Composer) Dec 8, 2023
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2023-3819 was published for pimcore/pimcore (Composer) Jul 21, 2023
dkarlovi
TeamPass information exposure vulnerability High
CVE-2023-3553 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase High
CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023
MHC03 christianmeller
Dolibarr vulnerable to unauthenticated database access High
CVE-2023-33568 was published for dolibarr/dolibarr (Composer) Jun 13, 2023
RosarioSIS Improper Access Control vulnerability High
CVE-2023-0994 was published for francoisjacquet/rosariosis (Composer) Feb 24, 2023
Codiad information disclosure vulnerability High
CVE-2017-20178 was published for codiad/codiad (Composer) Feb 21, 2023
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
ezplatform-graphql GraphQL queries can expose password hashes High
CVE-2022-41876 was published for ezsystems/ezplatform-graphql (Composer) Nov 10, 2022
tranca
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Change in port should be considered a change in origin High
CVE-2022-31091 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin High
CVE-2022-31090 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade High
CVE-2022-31042 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell am0o0
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell
Cross-domain cookie leakage in Guzzle High
CVE-2022-29248 was published for guzzlehttp/guzzle (Composer) May 25, 2022
Microweber Discloses Sensitive Information High
CVE-2020-13405 was published for microweber/microweber (Composer) May 24, 2022
Silverstripe CMS information disclosure High
CVE-2020-6164 was published for silverstripe/cms (Composer) May 24, 2022
Magento defense-in-depth security mitigation vulnerability High
CVE-2020-9591 was published for magento/community-edition (Composer) May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API