GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,248
Erlang: 31
GitHub Actions: 21
Go: 2,017
Maven: 5,000+
npm: 3,723
NuGet: 662
pip: 3,400
Pub: 11
RubyGems: 890
Rust: 857
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
1,140 advisories
laravel framework SQL Injection via limit and offset functions
High | GHSA-wq8p-mqvg-2p5h was published for laravel/framework (Composer) | May 15, 2024

laravel framework Unexpected database bindings via requests
High | GHSA-jwvj-pwww-3mj5 was published for laravel/framework (Composer) | May 15, 2024

Laravel Cookie serialization vulnerability
High | GHSA-6jvx-8ch9-j2jr was published for laravel/framework (Composer) | May 15, 2024

Laravel Cookie serialization vulnerability
High | GHSA-2867-6rrm-38gr was published for illuminate/cookie (Composer) | May 15, 2024

gregwar/rst Local File Inclusion Vulnerability
High | GHSA-2gq2-m628-33xp was published for gregwar/rst (Composer) | May 15, 2024

fuel/core ImageMagick driver does not escape all shell arguments.
High | GHSA-26hp-cgjj-m2j3 was published for fuel/core (Composer) | May 15, 2024

FOSUserBundle Session Hijacking Vulnerability
High | GHSA-6mjq-9x4w-m3w9 was published for friendsofsymfony/user-bundle (Composer) | May 15, 2024

eZ Platform User data disclosure
High | GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) | May 15, 2024

EZsystems Remote code execution in file uploads
High | GHSA-9895-26wr-4fgv was published for ezsystems/ezpublish-legacy (Composer) | May 15, 2024

eZ Publish Legacy Passwordless login for LDAP users
High | GHSA-p9mp-vq4v-v5m5 was published for ezsystems/ezpublish-legacy (Composer) | May 15, 2024

eZ Platform Object Injection in SiteAccessMatchListener
High | GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) | May 15, 2024

eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
High | GHSA-82rv-45pc-v28w was published for ezsystems/ezpublish-legacy (Composer) | May 15, 2024

eZ Publish Information disclosure in backend content tree menu
High | GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) | May 15, 2024

eZ Publish Remote code execution in file uploads
High | GHSA-3vwr-jj4f-h98x was published for ezsystems/ezpublish-kernel (Composer) | May 15, 2024

eZ Platform CSRF token in login form is disabled by default
High | GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) | May 15, 2024

eZ Platform Admin UI Password reset vulnerability
High | GHSA-hfpp-2vhw-qq43 was published for ezsystems/ezplatform-user (Composer) | May 15, 2024

eZ Platform Object Injection in SiteAccessMatchListener
High | GHSA-2w9p-xxqr-h253 was published for ezsystems/ezplatform-kernel (Composer) | May 15, 2024

eZ Platform Admin UI Cross-site Scripting vulnerability
High | GHSA-q73v-79x3-jv2w was published for ezsystems/ezplatform-admin-ui (Composer) | May 15, 2024

eZ Platform Password reset vulnerability
High | GHSA-cg84-55jx-4237 was published for ezsystems/ezplatform-admin-ui (Composer) | May 15, 2024

Cross-site Scripting in eZFind spellcheck
High | GHSA-9cq2-pcgr-8h62 was published for ezsystems/ezfind-ls (Composer) | May 15, 2024

Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
High | GHSA-jq9q-6p42-qpr7 was published for ezsystems/ezdemo-ls-extension (Composer) | May 15, 2024

Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
High | GHSA-8c85-4rr5-chr4 was published for ezsystems/demobundle (Composer) | May 15, 2024

Drupal core Arbitrary PHP code execution
High | GHSA-j66p-fvp2-fxhj was published for drupal/drupal (Composer) | May 15, 2024

Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
High | GHSA-m9fv-whq2-6wmc was published for drupal/drupal (Composer) | May 15, 2024

Drupal core Arbitrary PHP code execution
High | GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) | May 15, 2024

ProTip! Advisories are also available from the GraphQL API