Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,683 advisories

URL Rewrite vulnerability in multiple zendframework components High
GHSA-f6p5-76fp-m248 was published for zendframework/zend-diactoros (Composer) Apr 28, 2022
Object state limitation has no effect Critical
GHSA-w8qp-hmh5-4v9v was published for ezsystems/ezplatform-kernel (Composer) Apr 29, 2022
Object state limitation has no effect Critical
GHSA-gvj8-4cj4-h776 was published for ibexa/core (Composer) Apr 29, 2022
PocketMine-MP invalid skin geometry JSON data leading to server crash High
GHSA-8cwq-4cmf-px73 was published for pocketmine/pocketmine-mp (Composer) Aug 18, 2022
Ibexa DXP users with the Company admin role can assign any role to any user Critical
GHSA-g6jc-xrc3-4wwq was published for ibexa/admin-ui (Composer) Nov 10, 2022
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname Critical
GHSA-7644-cxp8-h23r was published for ibexa/admin-ui (Composer) Nov 10, 2022
GraphQL queries can expose password hashes Critical
GHSA-3p7g-wrgg-wq45 was published for ibexa/graphql (Composer) Nov 10, 2022
tranca
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS) Critical
GHSA-58h5-h554-429q was published for ezsystems/ezplatform-admin-ui (Composer) Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user Critical
GHSA-394j-x37r-2q27 was published for ibexa/core (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-446q-xxg5-3vhh was published for ezsystems/repository-forms (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-pcpm-vc4v-cmvx was published for ezsystems/ezplatform-admin-ui (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-99r3-xmmq-7q7g was published for ezsystems/ezpublish-kernel (Composer) Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user Critical
GHSA-8h83-chh2-fchp was published for ezsystems/ezplatform-kernel (Composer) Nov 10, 2022
SQL Injection in usmanhalalit/pixie Critical
CVE-2019-10766 was published for usmanhalalit/pixie (Composer) Nov 20, 2019
Unauthenticated crypto and weak IV in Magento\Framework\Encryption High
CVE-2016-6485 was published for magento/community-edition (Composer) Nov 20, 2019
Cross-site scripting in SimpleSAMLphp Low
CVE-2020-5226 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
Remote code execution in verot/class.upload.php Critical
CVE-2019-19576 was published for verot/class.upload.php (Composer) Jan 16, 2020
PrestaShop autoupgrade module ZIP archives were vulnerable from CVE-2017-9841 High
GHSA-wqq8-mqj9-697f was published for prestashop/autoupgrade (Composer) Jan 8, 2020
Timing attacks might allow practical recovery of the long-term private key High
CVE-2019-10764 was published for simplito/elliptic-php (Composer) Nov 20, 2019
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
ohader
Log injection in SimpleSAMLphp Low
CVE-2020-5225 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
Link injection in SimpleSAMLphp Low
GHSA-2r3v-q9x3-7g46 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
hyp3rlinx
Data leakage via SQL Injection in Pimcore Moderate
CVE-2019-10763 was published for pimcore/pimcore (Composer) Dec 2, 2019
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony Critical
CVE-2019-10913 was published for symfony/http-foundation (Composer) Dec 2, 2019
Persistent XSS vulnerability in filename of attached file in PrivateBin Moderate
CVE-2020-5223 was published for privatebin/privatebin (Composer) Jan 14, 2020
ProTip! Advisories are also available from the GraphQL API