GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
476 advisories
Filter by severity
Object state limitation has no effect
Critical
GHSA-w8qp-hmh5-4v9v
was published
for
ezsystems/ezplatform-kernel
(Composer)
Apr 29, 2022
Object state limitation has no effect
Critical
GHSA-gvj8-4cj4-h776
was published
for
ibexa/core
(Composer)
Apr 29, 2022
Ibexa DXP users with the Company admin role can assign any role to any user
Critical
GHSA-g6jc-xrc3-4wwq
was published
for
ibexa/admin-ui
(Composer)
Nov 10, 2022
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Critical
GHSA-7644-cxp8-h23r
was published
for
ibexa/admin-ui
(Composer)
Nov 10, 2022
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Critical
GHSA-58h5-h554-429q
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Nov 10, 2022
GraphQL queries can expose password hashes
Critical
GHSA-3p7g-wrgg-wq45
was published
for
ibexa/graphql
(Composer)
Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user
Critical
GHSA-394j-x37r-2q27
was published
for
ibexa/core
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-446q-xxg5-3vhh
was published
for
ezsystems/repository-forms
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-pcpm-vc4v-cmvx
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-8h83-chh2-fchp
was published
for
ezsystems/ezplatform-kernel
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-99r3-xmmq-7q7g
was published
for
ezsystems/ezpublish-kernel
(Composer)
Nov 10, 2022
SQL Injection in usmanhalalit/pixie
Critical
CVE-2019-10766
was published
for
usmanhalalit/pixie
(Composer)
Nov 20, 2019
Remote code execution in verot/class.upload.php
Critical
CVE-2019-19576
was published
for
verot/class.upload.php
(Composer)
Jan 16, 2020
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Critical
CVE-2019-10913
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
SQL injection in phpMyAdmin
Critical
CVE-2019-18622
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 16, 2020
SQL injection in Centreon
Critical
CVE-2019-16194
was published
for
centreon/centreon
(Composer)
Feb 11, 2020
Improper Input Validation in Symfony
Critical
CVE-2019-11325
was published
for
symfony/symfony
(Composer)
Feb 12, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical
CVE-2019-19634
was published
for
verot/class.upload.php
(Composer)
Feb 28, 2020
Steam Socialite Provider v1 does not correctly validate openid server
Critical
GHSA-hhw9-35p2-q2c5
was published
for
socialiteproviders/steam
(Composer)
Jan 29, 2021
After order payment process manipulation in shopware/platform and shopware/core
Critical
GHSA-88rc-3p98-rgvx
was published
for
shopware/core
(Composer)
Apr 13, 2021
Leak of information via Store-API
Critical
GHSA-f2vv-h5x4-57gr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Critical
GHSA-qg7c-q3vq-rgxr
was published
for
shopware/core
(Composer)
Apr 13, 2021
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Critical
CVE-2021-30492
was published
for
zendesk/zendesk_api_client_php
(Composer)
Apr 29, 2021
Webcache Poisoning in shopware/platform and shopware/core
Critical
GHSA-r64m-qchj-hrjp
was published
for
shopware/core
(Composer)
Nov 24, 2021
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Critical
CVE-2019-14537
was published
for
yourls/yourls
(Composer)
Sep 23, 2019
ProTip!
Advisories are also available from the
GraphQL API