GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,678
Erlang: 29
GitHub Actions: 16
Go: 1,707
Maven: 4,940
npm: 3,471
NuGet: 603
pip: 2,993
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
237,273 advisories
silverstripe/framework ReadOnly transformation for formfields exploitable
  Severity: Moderate. GHSA-97jm-g33h-f46g was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter
  Severity: Moderate. GHSA-mpqj-f4v3-334h was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe Missing CSRF protection in login form
  Severity: Moderate. GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe Brute force bypass on default admin
  Severity: Critical. GHSA-8v6m-7f5v-hhx6 was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe XSS in CMS Edit Page
  Severity: Moderate. GHSA-m8v7-x398-pxrf was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers
  Severity: Moderate. GHSA-87pf-7x99-5xc4 was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
  Severity: Moderate. GHSA-2hpc-mf4q-j885 was published for silverstripe/framework (Composer) on May 23, 2024.

Silverstripe Missing security check on dev/build/defaults
  Severity: Moderate. GHSA-x5w2-wcr8-9q45 was published for silverstripe/framework (Composer) on May 23, 2024.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function...
  Severity: Unknown. Unreviewed. CVE-2024-35086 was published on May 23, 2024.

A user with device administrative privileges can change existing SMTP server settings on the...
  Severity: Unknown. Unreviewed. CVE-2024-5143 was published on May 23, 2024.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function...
  Severity: Unknown. Unreviewed. CVE-2024-35091 was published on May 23, 2024.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function...
  Severity: Unknown. Unreviewed. CVE-2024-35090 was published on May 23, 2024.

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...
  Severity: Moderate. Unreviewed. CVE-2024-4365 was published on May 23, 2024.

A SQL injection vulnerability in /model/update_exam.php in Campcodes Complete Web-Based School...
  Severity: Unknown. Unreviewed. CVE-2024-34932 was published on May 23, 2024.

A SQL injection vulnerability in /model/update_classroom.php in Campcodes Complete Web-Based...
  Severity: Unknown. Unreviewed. CVE-2024-34927 was published on May 23, 2024.

A SQL injection vulnerability in /view/find_friends.php in Campcodes Complete Web-Based School...
  Severity: Unknown. Unreviewed. CVE-2024-34929 was published on May 23, 2024.

A SQL injection vulnerability in /model/update_subject_routing.php in Campcodes Complete Web...
  Severity: Unknown. Unreviewed. CVE-2024-34928 was published on May 23, 2024.

A SQL injection vulnerability in /model/update_grade.php in Campcodes Complete Web-Based School...
  Severity: Unknown. Unreviewed. CVE-2024-34933 was published on May 23, 2024.

A SQL injection vulnerability in /model/update_subject.php in Campcodes Complete Web-Based School...
  Severity: Unknown. Unreviewed. CVE-2024-34931 was published on May 23, 2024.

A SQL injection vulnerability in /model/all_events1.php in Campcodes Complete Web-Based School...
  Severity: Unknown. Unreviewed. CVE-2024-34930 was published on May 23, 2024.

A SQL injection vulnerability in /view/emarks_range_grade_update_form.php in Campcodes Complete...
  Severity: Unknown. Unreviewed. CVE-2024-34934 was published on May 23, 2024.

LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the...
  Severity: Unknown. Unreviewed. CVE-2024-35081 was published on May 23, 2024.

A SQL injection vulnerability in /view/event1.php in Campcodes Complete Web-Based School...
  Severity: Unknown. Unreviewed. CVE-2024-34936 was published on May 23, 2024.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function...
  Severity: Unknown. Unreviewed. CVE-2024-35085 was published on May 23, 2024.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function...
  Severity: Unknown. Unreviewed. CVE-2024-35082 was published on May 23, 2024.

ProTip! Advisories are also available from the GraphQL API.