Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,379
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,574
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

28,106 advisories

Loading
Laravel Cross-site Scripting vulnerability in blade templating Moderate
GHSA-297g-xg4h-7w4c was published for illuminate/view (Composer) May 15, 2024
Laravel Risk of mass-assignment vulnerabilities Moderate
GHSA-cc2w-ghc5-m5qr was published for illuminate/database (Composer) May 15, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer) May 15, 2024
Laravel Hijacked authentication cookies vulnerability Moderate
GHSA-q4xf-7fw5-4x8v was published for illuminate/auth (Composer) May 15, 2024
gregwar/rst Local File Inclusion Vulnerability High
GHSA-2gq2-m628-33xp was published for gregwar/rst (Composer) May 15, 2024
gree/jose - "None" Algorithm treated as valid in tokens Critical
GHSA-9gxv-x7rp-r2hc was published for gree/jose (Composer) May 15, 2024
fuel/core Crypt encryption compromised. Moderate
GHSA-fgrx-4637-fcf5 was published for fuel/core (Composer) May 15, 2024
fuel/core ImageMagick driver does not escape all shell arguments. High
GHSA-26hp-cgjj-m2j3 was published for fuel/core (Composer) May 15, 2024
FOSUserBundle User Identity Validation Vulnerability Moderate
GHSA-8wx3-8m4x-g5h4 was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
FOSUserBundle Session Hijacking Vulnerability High
GHSA-6mjq-9x4w-m3w9 was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
FOSUserBundle Entropy is lost in the TokenGenerator Moderate
GHSA-pjx8-984p-7p3x was published for friendsofsymfony/user-bundle (Composer) May 15, 2024
FOSRestBundle issue with broken validation of JSONP callbacks Moderate
GHSA-p9fg-j6ww-953m was published for friendsofsymfony/rest-bundle (Composer) May 15, 2024
friendsofsymfony/oauth2-php open redirection in oauth Moderate
GHSA-xm3x-4ph3-3x9c was published for friendsofsymfony/oauth2-php (Composer) May 15, 2024
firebase/php-jwt: "None" Algorithm treated as valid on tokens Critical
GHSA-h533-5v22-8vcp was published for firebase/php-jwt (Composer) May 15, 2024
eZ Platform User data disclosure High
GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) May 15, 2024
eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS) Moderate
GHSA-w9p3-26fx-5mp3 was published for ezsystems/platform-ui-assets-bundle (Composer) May 15, 2024
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
EZsystems Remote code execution in file uploads High
GHSA-9895-26wr-4fgv was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Stakater Forecastle has a directory traversal vulnerability High
CVE-2023-40297 was published for github.com/stakater/Forecastle (Go) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Publish Legacy Passwordless login for LDAP users High
GHSA-p9mp-vq4v-v5m5 was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template Moderate
GHSA-2vh3-cj9j-mcj5 was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities High
GHSA-82rv-45pc-v28w was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Publish Information disclosure in backend content tree menu High
GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database