GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
948 advisories
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate • CVE-2024-34002 was published for moodle/moodle (Composer) • May 31, 2024
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure
Moderate • GHSA-pqfv-97hj-g97g was published for typo3/cms (Composer) • May 30, 2024
TYPO3 Information Disclosure Vulnerability Exploitable by Editors
Moderate • GHSA-r287-hc8j-w56h was published for typo3/cms (Composer) • May 30, 2024
TYPO3 Disclosure of Information about Installed Extensions
Moderate • GHSA-p2h4-7fp3-cmh8 was published for typo3/cms-core (Composer) • May 30, 2024
TYPO3 Information Disclosure in Page Tree
Moderate • GHSA-wvvp-jwf5-qcpc was published for typo3/cms-core (Composer) • May 30, 2024
TYPO3 Information Disclosure in Install Tool
Moderate • GHSA-66c2-7g4p-wx4p was published for typo3/cms-core (Composer) • May 30, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy
High • CVE-2014-5245 was published for symfony/http-kernel (Composer) • May 30, 2024
MinIO information disclosure vulnerability
Moderate • CVE-2024-36107 was published for github.com/minio/minio (Go) • May 29, 2024
silverstripe/userforms file upload exposure on UserForms module
Moderate • GHSA-55pp-293f-3365 was published for silverstripe/userforms (Composer) • May 28, 2024
silverstripe/framework vulnerable to member disclosure in login form
Moderate • GHSA-crr3-h4m8-7f56 was published for silverstripe/framework (Composer) • May 27, 2024
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Moderate • GHSA-r3pr-fh25-wrfc was published for silverstripe/framework (Composer) • May 27, 2024
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Moderate • GHSA-55qg-6c4m-mw6g was published for silverstripe/framework (Composer) • May 27, 2024
silverstripe/framework member disclosure in login form
Moderate • GHSA-g84q-cq55-xwgp was published for silverstripe/framework (Composer) • May 27, 2024
jupyter-scheduler's endpoint is missing authentication
Moderate • CVE-2024-28188 was published for jupyter-scheduler (pip) • May 23, 2024
Dapr API Token Exposure
Moderate • CVE-2024-35223 was published for github.com/dapr/dapr (Go) • May 22, 2024
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects
High • GHSA-cg34-w3fm-82h3 was published for scrapy (pip) • May 20, 2024 • withdrawn
Data Leakage Vulnerability in livewire/livewire
Moderate • GHSA-qwvp-268g-jjm8 was published for livewire/livewire (Composer) • May 15, 2024
Read private customer data reclaiming carts in Klaviyo Magento
Moderate • GHSA-hvgw-gg3p-295j was published for klaviyo/magento2-extension (Composer) • May 15, 2024
eZ Platform User data disclosure
High • GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) • May 15, 2024
eZ Publish Information disclosure in backend content tree menu
High • GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) • May 15, 2024
eZ Platform REST API returns list of all SiteAccesses
Moderate • GHSA-9wwx-c723-vm8x was published for ezsystems/ezpublish-kernel (Composer) • May 15, 2024
endroid/qr-code-bundle File Disclosure via logo_path query parameter
Moderate • GHSA-mvf6-3f2g-xfxf was published for endroid/qr-code-bundle (Composer) • May 15, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate • CVE-2022-39201 was published for github.com/grafana/grafana (Go) • May 14, 2024
Grafana User enumeration via forget password
Moderate • CVE-2022-39307 was published for github.com/grafana/grafana (Go) • May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate • CVE-2022-31130 was published for github.com/grafana/grafana (Go) • May 14, 2024
ProTip! Advisories are also available from the GraphQL API.