GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,626; Erlang 29; GitHub Actions 16; Go 1,698; Maven 4,936; npm 3,466; NuGet 601; pip 2,975; Pub 10; RubyGems 826; Rust 767; Swift 34
Unreviewed advisories: All unreviewed 5,000+
18,765 advisories
fuel/core Crypt encryption compromised.
Severity: Moderate. GHSA-fgrx-4637-fcf5 was published for fuel/core (Composer) on May 15, 2024.
fuel/core ImageMagick driver does not escape all shell arguments.
Severity: High. GHSA-26hp-cgjj-m2j3 was published for fuel/core (Composer) on May 15, 2024.
FOSUserBundle User Identity Validation Vulnerability
Severity: Moderate. GHSA-8wx3-8m4x-g5h4 was published for friendsofsymfony/user-bundle (Composer) on May 15, 2024.
FOSUserBundle Session Hijacking Vulnerability
Severity: High. GHSA-6mjq-9x4w-m3w9 was published for friendsofsymfony/user-bundle (Composer) on May 15, 2024.
FOSUserBundle Entropy is lost in the TokenGenerator
Severity: Moderate. GHSA-pjx8-984p-7p3x was published for friendsofsymfony/user-bundle (Composer) on May 15, 2024.
FOSRestBundle issue with broken validation of JSONP callbacks
Severity: Moderate. GHSA-p9fg-j6ww-953m was published for friendsofsymfony/rest-bundle (Composer) on May 15, 2024.
friendsofsymfony/oauth2-php open redirection in oauth
Severity: Moderate. GHSA-xm3x-4ph3-3x9c was published for friendsofsymfony/oauth2-php (Composer) on May 15, 2024.
firebase/php-jwt: "None" Algorithm treated as valid on tokens
Severity: Critical. GHSA-h533-5v22-8vcp was published for firebase/php-jwt (Composer) on May 15, 2024.
eZ Platform User data disclosure
Severity: High. GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) on May 15, 2024.
eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)
Severity: Moderate. GHSA-w9p3-26fx-5mp3 was published for ezsystems/platform-ui-assets-bundle (Composer) on May 15, 2024.
Ez Platform Object Injection in legacy shop module
Severity: Moderate. GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024.
EZsystems Remote code execution in file uploads
Severity: High. GHSA-9895-26wr-4fgv was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024.
Stakater Forecastle has a directory traversal vulnerability
Severity: High. CVE-2023-40297 was published for github.com/stakater/Forecastle (Go) on May 15, 2024.
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Severity: Moderate. GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024.
eZ Publish Legacy Passwordless login for LDAP users
Severity: High. GHSA-p9mp-vq4v-v5m5 was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024.
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
Severity: Moderate. GHSA-2vh3-cj9j-mcj5 was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024.
eZ Platform Object Injection in SiteAccessMatchListener
Severity: High. GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) on May 15, 2024.
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
Severity: High. GHSA-82rv-45pc-v28w was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024.
eZ Publish Information disclosure in backend content tree menu
Severity: High. GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024.
eZ Publish Remote code execution in file uploads
Severity: High. GHSA-3vwr-jj4f-h98x was published for ezsystems/ezpublish-kernel (Composer) on May 15, 2024.
eZ Platform Prevent accepting app.php in URL in Platform.sh
Severity: Moderate. GHSA-qhjc-hg94-245v was published for ezsystems/ezplatform (Composer) on May 15, 2024.
eZ Platform REST API returns list of all SiteAccesses
Severity: Moderate. GHSA-9wwx-c723-vm8x was published for ezsystems/ezpublish-kernel (Composer) on May 15, 2024.
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Severity: Moderate. GHSA-6xch-2vxx-5pvr was published for ezsystems/ezplatform (Composer) on May 15, 2024.
eZ Platform CSRF token in login form is disabled by default
Severity: High. GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) on May 15, 2024.
eZ Platform Admin UI Password reset vulnerability
Severity: High. GHSA-hfpp-2vhw-qq43 was published for ezsystems/ezplatform-user (Composer) on May 15, 2024.
ProTip! Advisories are also available from the GraphQL API.