GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
3,968 advisories
Filter by severity
Adminer file disclosure vulnerability
High
GHSA-97h7-mf38-g9mf
was published
for
vrana/adminer
(Composer)
Jun 7, 2024
ua-parser/uap-php ReDoS vulnerability
Moderate
GHSA-78hm-5hjw-58mh
was published
for
ua-parser/uap-php
(Composer)
Jun 7, 2024
Wikimedia Parsoid vulnerable to Cross-site Scripting (XSS)
Moderate
CVE-2021-30458
was published
for
wikimedia/parsoid
(Composer)
May 24, 2022
Zend-developer-tools information disclosure vulnerability
Moderate
GHSA-qg7m-mwxm-j3h7
was published
for
zendframework/zend-developer-tools
(Composer)
Jun 7, 2024
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Moderate
GHSA-4vf6-mq7w-3hp6
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Diactoros URL Rewrite vulnerability
Moderate
GHSA-fq4p-86hh-42v9
was published
for
zendframework/zend-diactoros
(Composer)
Jun 7, 2024
Zend-Navigation vulnerable to Cross-site Scripting
High
GHSA-6v7p-5qcq-268c
was published
for
zendframework/zend-navigation
(Composer)
Jun 7, 2024
Zend-Feed URL Rewrite vulnerability
High
GHSA-jmmp-vh96-78rm
was published
for
zendframework/zend-feed
(Composer)
Jun 7, 2024
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
Moderate
GHSA-4v57-pwvf-x35j
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Form vulnerable to Cross-site Scripting
Moderate
GHSA-gvpp-6jrj-5pqc
was published
for
zendframework/zend-form
(Composer)
Jun 7, 2024
Zendframework Potential XSS or HTML Injection vector in Zend_Json
Moderate
GHSA-vvm3-rv48-j3g5
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-HTTP URL Rewrite vulnerability
High
GHSA-cg8w-5jrc-675g
was published
for
zendframework/zend-http
(Composer)
Jun 7, 2024
ZendFramework1 Potential Security Issues in Bundled Dojo Library
Moderate
GHSA-w5mj-j45q-m638
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-JSON vulnerable to XXE/XEE attacks
Critical
GHSA-8x2v-pcg7-94f4
was published
for
zendframework/zend-json
(Composer)
Jun 7, 2024
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
High
GHSA-229x-22xc-2f2w
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework Denial of Service vector via XEE injection
High
GHSA-2jx7-xg83-j2m7
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`
Moderate
GHSA-gwpm-pm6x-h7rj
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Session session validation vulnerability
Moderate
GHSA-96c6-m98x-hxjx
was published
for
zendframework/zend-session
(Composer)
Jun 7, 2024
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
Moderate
GHSA-g52p-86j5-xr8q
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Mail remote code execution in zend-mail via Sendmail adapter
High
GHSA-cxf7-m5g2-v594
was published
for
zendframework/zend-mail
(Composer)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
Critical
GHSA-mhpx-3rv8-wrjm
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential XML eXternal Entity injection vectors
High
GHSA-4j9x-g4x8-vcmf
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings
Moderate
GHSA-hg35-vqp3-fv39
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Critical
GHSA-qf36-fx9f-232x
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`
Moderate
GHSA-j543-vg33-g6vj
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API