GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
65 advisories
Filter by severity
Symfony allows changing the environment through a query
Moderate
CVE-2024-50340
was published
for
symfony/runtime
(Composer)
Nov 6, 2024
Magento Open Source Improper Input Validation vulnerability
Moderate
CVE-2024-45117
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Arbitrary File Creation in opencart
Moderate
CVE-2024-21519
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Moodle broken access control when setting calendar event type
Moderate
CVE-2024-33996
was published
for
moodle/moodle
(Composer)
May 31, 2024
TYPO3 Brute Force Protection Bypass in backend login
Moderate
GHSA-jqr8-q455-xx45
was published
for
typo3/cms
(Composer)
May 30, 2024
Symfony has unsafe methods in the Request class
Moderate
CVE-2015-2309
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
Symfony has a security issue when parsing the Authorization header
Moderate
CVE-2014-6061
was published
for
symfony/http-foundation
(Composer)
May 30, 2024
silverstripe/framework uploaded PHP script execution in assets
Moderate
GHSA-f43j-8hq4-2xj9
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Laravel Guard bypass in Eloquent models
Moderate
GHSA-44pg-c29v-hp6r
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Risk of mass-assignment vulnerabilities
Moderate
GHSA-rj3w-99gc-8j58
was published
for
laravel/framework
(Composer)
May 15, 2024
Laravel Risk of mass-assignment vulnerabilities
Moderate
GHSA-cc2w-ghc5-m5qr
was published
for
illuminate/database
(Composer)
May 15, 2024
Laravel does not properly constrain the host portion of a password-reset URL
Moderate
CVE-2017-9303
was published
for
illuminate/auth
(Composer)
May 17, 2022
Symfony SSRF Vulnerability via Form Component
Moderate
CVE-2017-16790
was published
for
symfony/form
(Composer)
May 14, 2022
Froxlor Information Disclosure
Moderate
CVE-2020-10236
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
GeniXCMS denial of service (account blockage)
Moderate
CVE-2017-14231
was published
for
genix/cms
(Composer)
May 17, 2022
phpMyAdmin Improper Input Validation
Moderate
CVE-2016-2562
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
phpMyAdmin Denial of Service (DoS)
Moderate
CVE-2016-9860
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Moodle Incorrect sanitation of attributes in forums
Moderate
CVE-2017-2576
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Private files uploaded via incoming mail processing could bypass quota restrictions
Moderate
CVE-2019-10134
was published
for
moodle/moodle
(Composer)
May 24, 2022
Drupal file REST resource does not properly validate
Moderate
CVE-2017-6921
was published
for
drupal/core
(Composer)
May 13, 2022
Drupal Denial of service via transliterate mechanism
Moderate
CVE-2016-9452
was published
for
drupal/core
(Composer)
May 17, 2022
Contao Insert tag injection in forms
Moderate
CVE-2020-25768
was published
for
contao/contao
(Composer)
Sep 24, 2020
Moodle arbitrary file read vulnerability
Moderate
CVE-2023-28330
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Moodle does not properly validate module instance id
Moderate
CVE-2006-4936
was published
for
moodle/moodle
(Composer)
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API