GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
4,023 advisories
Filter by severity
TYPO3 Security Misconfiguration in Install Tool Cookie
High
GHSA-f777-f784-36gm
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Frontend User Login
Moderate
GHSA-2rcw-9hrm-8q7q
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component
Moderate
GHSA-7q33-hxwj-7p8v
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Moderate
GHSA-8m6j-p5jv-v69w
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Cross-site scripting (XSS) vulnerability in Description metadata
Moderate
CVE-2024-37160
was published
for
getformwork/formwork
(Composer)
Jun 7, 2024
TYPO3 Arbitrary Code Execution via File List Module
High
GHSA-8h4m-r4wm-xj7r
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Denial of Service in Frontend Record Registration
High
GHSA-g585-crjf-vhwq
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Information Disclosure of Installed Extensions
Moderate
GHSA-f624-8hfq-5fh3
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Form Framework validation handling
Moderate
GHSA-v8m4-3w37-ghxx
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Form Framework
Moderate
GHSA-4h5c-5g25-v7fh
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-c5mj-39cf-3pp5
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Link Handling
Moderate
GHSA-xgmx-j3hv-jh9x
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Broken Access Control in Localization Handling
Moderate
GHSA-772m-43f3-hmf8
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Filelist Module
Moderate
GHSA-g7hw-jh4p-75wr
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Moderate
GHSA-85ch-44w7-rf32
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling
High
GHSA-hh95-5xm5-v8v7
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TokenController formName not sanitized in hidden input
Moderate
CVE-2024-37156
was published
for
sulu/form-bundle
(Composer)
Jun 6, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Improper Authentication in CraftCMS two factor authentication plugin
Moderate
CVE-2024-5658
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
typo3 Security fix for Flow Swift Mailer package
High
GHSA-xjw3-5r5c-m5ph
was published
for
typo3/swiftmailer
(Composer)
Jun 5, 2024
Insecure Unserialize Vulnerability in FLOW3
Moderate
GHSA-m2hp-5x78-74mg
was published
for
typo3/flow
(Composer)
Jun 5, 2024
typo3 Information Disclosure Security Note
High
GHSA-g4xv-r3qw-v3q2
was published
for
typo3/neos
(Composer)
Jun 5, 2024
Typo3 Arbitrary file upload and XML External Entity processing
Moderate
GHSA-2p4f-vc9q-r5vp
was published
for
typo3/flow
(Composer)
Jun 5, 2024
By-passing Protection of PharStreamWrapper Interceptor
Moderate
GHSA-4v5g-8pq2-32m2
was published
for
typo3/phar-stream-wrapper
(Composer)
Jun 5, 2024
Time-Based Information Disclosure Vulnerability in Flow
Moderate
GHSA-r6mm-wmhf-849m
was published
for
typo3/flow
(Composer)
Jun 5, 2024
ProTip!
Advisories are also available from the
GraphQL API