GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,049 advisories

fuel/core ImageMagick driver does not escape all shell arguments. High
GHSA-26hp-cgjj-m2j3 was published for fuel/core (Composer) May 15, 2024
FOSUserBundle Session Hijacking Vulnerability High
GHSA-6mjq-9x4w-m3w9 was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
eZ Platform User data disclosure High
GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) May 15, 2024
EZsystems Remote code execution in file uploads High
GHSA-9895-26wr-4fgv was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Publish Legacy Passwordless login for LDAP users High
GHSA-p9mp-vq4v-v5m5 was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities High
GHSA-82rv-45pc-v28w was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Publish Information disclosure in backend content tree menu High
GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Publish Remote code execution in file uploads High
GHSA-3vwr-jj4f-h98x was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Platform CSRF token in login form is disabled by default High
GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) May 15, 2024
eZ Platform Admin UI Password reset vulnerability High
GHSA-hfpp-2vhw-qq43 was published for ezsystems/ezplatform-user (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-2w9p-xxqr-h253 was published for ezsystems/ezplatform-kernel (Composer) May 15, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability High
GHSA-q73v-79x3-jv2w was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
eZ Platform Password reset vulnerability High
GHSA-cg84-55jx-4237 was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
Cross-site Scripting in eZFind spellcheck High
GHSA-9cq2-pcgr-8h62 was published for ezsystems/ezfind-ls (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-jq9q-6p42-qpr7 was published for ezsystems/ezdemo-ls-extension (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-8c85-4rr5-chr4 was published for ezsystems/demobundle (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-j66p-fvp2-fxhj was published for drupal/drupal (Composer) May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar High
GHSA-m9fv-whq2-6wmc was published for drupal/drupal (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-gxxj-g9v8-w28p was published for drupal/core (Composer) May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar High
GHSA-98h9-727m-44qv was published for drupal/core (Composer) May 15, 2024
doctrine/orm Regression in Query Parenthesis can have Security Implications High
GHSA-vjrg-wpm8-rhrw was published for doctrine/orm (Composer) May 15, 2024
Doctrine DBAL SQL injection possibility High
GHSA-76w8-mqx4-wjrf was published for doctrine/dbal (Composer) May 15, 2024
contao/core PHP object injection vulnerability allows for arbitrary code execution High
GHSA-wq43-8r5p-w3mc was published for contao/core (Composer) May 15, 2024
OpenCFP Framework (Sentry) Account takeover via null password reset codes High
GHSA-2m5g-8xpw-42vp was published for cartalyst/sentry (Composer) May 15, 2024