Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

255 advisories

Loading
Moodle Authenticated LFI risk in some misconfigured shared hosting environments High
CVE-2024-34005 was published for moodle/moodle (Composer) May 31, 2024
AnonySE26
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure Moderate
GHSA-pqfv-97hj-g97g was published for typo3/cms (Composer) May 30, 2024
TYPO3 Information Disclosure Vulnerability Exploitable by Editors Moderate
GHSA-r287-hc8j-w56h was published for typo3/cms (Composer) May 30, 2024
TYPO3 Disclosure of Information about Installed Extensions Moderate
GHSA-p2h4-7fp3-cmh8 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Information Disclosure in Page Tree Moderate
GHSA-wvvp-jwf5-qcpc was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Information Disclosure in Install Tool Moderate
GHSA-66c2-7g4p-wx4p was published for typo3/cms-core (Composer) May 30, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy High
CVE-2014-5245 was published for symfony/http-kernel (Composer) May 30, 2024
silverstripe/userforms file upload exposure on UserForms module Moderate
GHSA-55pp-293f-3365 was published for silverstripe/userforms (Composer) May 28, 2024
silverstripe/framework vulnerable to member disclosure in login form Moderate
GHSA-crr3-h4m8-7f56 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms Moderate
GHSA-r3pr-fh25-wrfc was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded Moderate
GHSA-55qg-6c4m-mw6g was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework member disclosure in login form Moderate
GHSA-g84q-cq55-xwgp was published for silverstripe/framework (Composer) May 27, 2024
Data Leakage Vulnerability in livewire/livewire Moderate
GHSA-qwvp-268g-jjm8 was published for livewire/livewire (Composer) May 15, 2024
Read private customer data reclaiming carts in Klaviyo Magento Moderate
GHSA-hvgw-gg3p-295j was published for klaviyo/magento2-extension (Composer) May 15, 2024
eZ Platform User data disclosure High
GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) May 15, 2024
eZ Publish Information disclosure in backend content tree menu High
GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Platform REST API returns list of all SiteAccesses Moderate
GHSA-9wwx-c723-vm8x was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
endroid/qr-code-bundle File Disclosure via logo_path query parameter Moderate
GHSA-mvf6-3f2g-xfxf was published for endroid/qr-code-bundle (Composer) May 15, 2024
Anonymous PrestaShop customer can download other customers' invoices Moderate
CVE-2024-34717 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-34080 was published for mantisbt/mantisbt (Composer) May 13, 2024
vboctor dregad
Kimai information disclosure vulnerability Low
CVE-2024-4596 was published for kimai/kimai (Composer) May 7, 2024
Contao: Possible cookie sharing with external domains while checking protected pages for broken links High
CVE-2024-28235 was published for contao/core-bundle (Composer) Apr 9, 2024
Pimcore Preview Documents are not restricted to logged in users anymore Moderate
CVE-2024-29197 was published for pimcore/pimcore (Composer) Mar 26, 2024
rliebi pryserv
Storefront user can access history and most viewed data from matching back-office user with the same ID Moderate
CVE-2023-48296 was published for oro/customer-portal (Composer) Mar 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database