GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,626
Erlang: 29
GitHub Actions: 16
Go: 1,698
Maven: 4,936
npm: 3,466
NuGet: 601
pip: 2,975
Pub: 10
RubyGems: 826
Rust: 767
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,765 advisories
eZ Platform Object Injection in SiteAccessMatchListener [High] GHSA-2w9p-xxqr-h253 was published for ezsystems/ezplatform-kernel (Composer) on May 15, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability [High] GHSA-q73v-79x3-jv2w was published for ezsystems/ezplatform-admin-ui (Composer) on May 15, 2024
eZ Platform Password reset vulnerability [High] GHSA-cg84-55jx-4237 was published for ezsystems/ezplatform-admin-ui (Composer) on May 15, 2024
eZ Platform Editor Cross-site Scripting (XSS) [Moderate] GHSA-4c2w-v5rq-5mx7 was published for ezsystems/ezplatform-admin-ui-assets (Composer) on May 15, 2024
eZ Platform Bundled jQuery affected by CVE-2019-11358 [Moderate] GHSA-jrpw-8884-2747 was published for ezsystems/ezplatform-admin-ui-assets (Composer) on May 15, 2024
Cross-site Scripting in eZFind spellcheck [High] GHSA-9cq2-pcgr-8h62 was published for ezsystems/ezfind-ls (Composer) on May 15, 2024
ezsystems/ez-support-tools Failing access control in system info view [Moderate] GHSA-xmp3-7745-g4vj was published for ezsystems/ez-support-tools (Composer) on May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS [High] GHSA-jq9q-6p42-qpr7 was published for ezsystems/ezdemo-ls-extension (Composer) on May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS [High] GHSA-8c85-4rr5-chr4 was published for ezsystems/demobundle (Composer) on May 15, 2024
endroid/qr-code-bundle File Disclosure via logo_path query parameter [Moderate] GHSA-mvf6-3f2g-xfxf was published for endroid/qr-code-bundle (Composer) on May 15, 2024
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library [Moderate] GHSA-qf65-hph9-453r was published for drupal/drupal (Composer) on May 15, 2024
Drupal core Arbitrary PHP code execution [High] GHSA-j66p-fvp2-fxhj was published for drupal/drupal (Composer) on May 15, 2024
Drupal core uses a vulnerable Third-party library CKEditor [Moderate] GHSA-337w-fxpq-5m34 was published for drupal/drupal (Composer) on May 15, 2024
Drupal core Open Redirect vulnerability [Moderate] GHSA-wxfg-253g-m7r4 was published for drupal/drupal (Composer) on May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar [High] GHSA-m9fv-whq2-6wmc was published for drupal/drupal (Composer) on May 15, 2024
Drupal core Access control bypass [Moderate] GHSA-5x28-3f32-x523 was published for drupal/drupal (Composer) on May 15, 2024
Drupal core Denial of Service [Moderate] GHSA-w333-5f96-mjrr was published for drupal/drupal (Composer) on May 15, 2024
Drupal core Remote Code Execution [Critical] GHSA-jf8c-36vw-98x4 was published for drupal/drupal (Composer) on May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution [Critical] GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) on May 15, 2024
Drupal Malicious file upload with filenames stating with dot [Moderate] GHSA-58xv-7h9r-mx3c was published for drupal/drupal (Composer) on May 15, 2024
Drupal Anonymous Open Redirect [Moderate] GHSA-x6v2-xmrq-574j was published for drupal/drupal (Composer) on May 15, 2024
Drupal Content moderation Access bypass [Moderate] GHSA-86xw-vmcx-9mj4 was published for drupal/drupal (Composer) on May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect [Moderate] GHSA-r67r-42wx-c8r7 was published for drupal/drupal (Composer) on May 15, 2024
Drupal core Cross-Site Scripting (XSS) vulnerabilities [Moderate] GHSA-vfgc-c76h-mwh4 was published for drupal/core (Composer) on May 15, 2024
Drupal core Arbitrary PHP code execution [High] GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) on May 15, 2024
ProTip! Advisories are also available from the GraphQL API.