GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
222 advisories
Filter by severity
Adminer file disclosure vulnerability
High
GHSA-97h7-mf38-g9mf
was published
for
vrana/adminer
(Composer)
Jun 7, 2024
Zend-developer-tools information disclosure vulnerability
Moderate
GHSA-qg7m-mwxm-j3h7
was published
for
zendframework/zend-developer-tools
(Composer)
Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Moderate
GHSA-2fhr-8r8r-qp56
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
TYPO3 Information Disclosure in Install Tool
Moderate
GHSA-6487-3qvg-8px9
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Information Disclosure of Installed Extensions
Moderate
GHSA-f624-8hfq-5fh3
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate
CVE-2024-34005
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate
CVE-2024-34003
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate
CVE-2024-34004
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate
CVE-2024-34002
was published
for
moodle/moodle
(Composer)
May 31, 2024
Typo3 Arbitrary File Disclosure in Form Component
Moderate
GHSA-wrpf-2x8h-82gr
was published
for
typo3/cms
(Composer)
Jun 4, 2024
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure
Moderate
GHSA-pqfv-97hj-g97g
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Information Disclosure Vulnerability Exploitable by Editors
Moderate
GHSA-r287-hc8j-w56h
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Disclosure of Information about Installed Extensions
Moderate
GHSA-p2h4-7fp3-cmh8
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Page Tree
Moderate
GHSA-wvvp-jwf5-qcpc
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Install Tool
Moderate
GHSA-66c2-7g4p-wx4p
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy
High
CVE-2014-5245
was published
for
symfony/http-kernel
(Composer)
May 30, 2024
silverstripe/userforms file upload exposure on UserForms module
Moderate
GHSA-55pp-293f-3365
was published
for
silverstripe/userforms
(Composer)
May 28, 2024
silverstripe/framework vulnerable to member disclosure in login form
Moderate
GHSA-crr3-h4m8-7f56
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Moderate
GHSA-r3pr-fh25-wrfc
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Moderate
GHSA-55qg-6c4m-mw6g
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework member disclosure in login form
Moderate
GHSA-g84q-cq55-xwgp
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Silverstripe CMS information disclosure
High
CVE-2020-6164
was published
for
silverstripe/cms
(Composer)
May 24, 2022
MediaWiki information disclosure
Moderate
CVE-2019-16738
was published
for
mediawiki/core
(Composer)
May 24, 2022
Wikimedia information leak vulnerability
High
CVE-2019-12474
was published
for
mediawiki/core
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API