GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-2rh5-jvgx-pgw3
was published
for
ezsystems/ezplatform
(Composer)
Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-gqcf-83rq-gpfr
was published
for
ibexa/post-install
(Composer)
Sep 14, 2021
Private files publicly accessible with Cloud Storage providers
High
GHSA-vrf2-xghr-j52v
was published
for
shopware/core
(Composer)
Jun 28, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
High
CVE-2021-41120
was published
for
sylius/paypal-plugin
(Composer)
Oct 6, 2021
Valinor error messages leading to potential data exfiltration before v0.12.0
High
CVE-2022-31140
was published
for
cuyz/valinor
(Composer)
Jul 12, 2022
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
ezplatform-graphql GraphQL queries can expose password hashes
High
CVE-2022-41876
was published
for
ezsystems/ezplatform-graphql
(Composer)
Nov 10, 2022
Improper authentication in Symfony
High
CVE-2019-10911
was published
for
symfony/security
(Composer)
Feb 12, 2020
Unrestricted access to predictable file paths in hov/jobfair
High
CVE-2021-43564
was published
for
hov/jobfair
(Composer)
Nov 15, 2021
Exposure of Sensitive Information to an Unauthorized Actor in microweber
High
CVE-2022-0281
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
RosarioSIS Improper Access Control vulnerability
High
CVE-2023-0994
was published
for
francoisjacquet/rosariosis
(Composer)
Feb 24, 2023
Change in port should be considered a change in origin
High
CVE-2022-31091
was published
for
guzzlehttp/guzzle
(Composer)
Jun 21, 2022
LFI in PHP-Proxy 5.1.0
High
CVE-2018-19246
was published
for
athlon1600/php-proxy
(Composer)
May 14, 2022
October CMS Local File Inclusion
High
CVE-2018-1999009
was published
for
october/october
(Composer)
May 13, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade
High
CVE-2022-31042
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Fix failure to strip Authorization header on HTTP downgrade
High
CVE-2022-31043
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin
High
CVE-2022-31090
was published
for
guzzlehttp/guzzle
(Composer)
Jun 21, 2022
Microweber Discloses Sensitive Information
High
CVE-2020-13405
was published
for
microweber/microweber
(Composer)
May 24, 2022
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
High
CVE-2018-10189
was published
for
mautic/core
(Composer)
Jan 19, 2021
Dolibarr ERP and CRM Sensitive Data Disclosure
High
CVE-2017-14240
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Codiad information disclosure vulnerability
High
CVE-2017-20178
was published
for
codiad/codiad
(Composer)
Feb 21, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
High
CVE-2023-37260
was published
for
league/oauth2-server
(Composer)
Jul 6, 2023
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2023-3819
was published
for
pimcore/pimcore
(Composer)
Jul 21, 2023
Dolibarr vulnerable to unauthenticated database access
High
CVE-2023-33568
was published
for
dolibarr/dolibarr
(Composer)
Jun 13, 2023
TeamPass information exposure vulnerability
High
CVE-2023-3553
was published
for
nilsteampassnet/teampass
(Composer)
Jul 8, 2023
ProTip!
Advisories are also available from the
GraphQL API