Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
47
GitHub Actions
48
Go
3,378
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,573
Pub
13
RubyGems
1,013
Rust
1,205
Swift
51
Unreviewed advisories
All unreviewed
5,000+

28,102 advisories

Loading
eZ Platform CSRF token in login form is disabled by default High
GHSA-45qm-j4m9-whv9 was published for ezsystems/ezplatform (Composer) May 15, 2024
eZ Platform Admin UI Password reset vulnerability High
GHSA-hfpp-2vhw-qq43 was published for ezsystems/ezplatform-user (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-2w9p-xxqr-h253 was published for ezsystems/ezplatform-kernel (Composer) May 15, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability High
GHSA-q73v-79x3-jv2w was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
eZ Platform Password reset vulnerability High
GHSA-cg84-55jx-4237 was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
eZ Platform Editor Cross-site Scripting (XSS) Moderate
GHSA-4c2w-v5rq-5mx7 was published for ezsystems/ezplatform-admin-ui-assets (Composer) May 15, 2024
eZ Platform Bundled jQuery affected by CVE-2019-11358 Moderate
GHSA-jrpw-8884-2747 was published for ezsystems/ezplatform-admin-ui-assets (Composer) May 15, 2024
Cross-site Scripting in eZFind spellcheck High
GHSA-9cq2-pcgr-8h62 was published for ezsystems/ezfind-ls (Composer) May 15, 2024
ezsystems/ez-support-tools Failing access control in system info view Moderate
GHSA-xmp3-7745-g4vj was published for ezsystems/ez-support-tools (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-jq9q-6p42-qpr7 was published for ezsystems/ezdemo-ls-extension (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-8c85-4rr5-chr4 was published for ezsystems/demobundle (Composer) May 15, 2024
endroid/qr-code-bundle File Disclosure via logo_path query parameter Moderate
GHSA-mvf6-3f2g-xfxf was published for endroid/qr-code-bundle (Composer) May 15, 2024
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library Moderate
GHSA-qf65-hph9-453r was published for drupal/drupal (Composer) May 15, 2024
Drupal core Arbitrary PHP code execution High
GHSA-j66p-fvp2-fxhj was published for drupal/drupal (Composer) May 15, 2024
Drupal core uses a vulnerable Third-party library CKEditor Moderate
GHSA-337w-fxpq-5m34 was published for drupal/drupal (Composer) May 15, 2024
Drupal core Open Redirect vulnerability Moderate
GHSA-wxfg-253g-m7r4 was published for drupal/drupal (Composer) May 15, 2024
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar High
GHSA-m9fv-whq2-6wmc was published for drupal/drupal (Composer) May 15, 2024
Drupal core Access control bypass Moderate
GHSA-5x28-3f32-x523 was published for drupal/drupal (Composer) May 15, 2024
Drupal core Denial of Service Moderate
GHSA-w333-5f96-mjrr was published for drupal/drupal (Composer) May 15, 2024
Drupal core Remote Code Execution Critical
GHSA-jf8c-36vw-98x4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution Critical
GHSA-jjx7-8462-w4m4 was published for drupal/drupal (Composer) May 15, 2024
Drupal Malicious file upload with filenames stating with dot Moderate
GHSA-58xv-7h9r-mx3c was published for drupal/drupal (Composer) May 15, 2024
Drupal Anonymous Open Redirect Moderate
GHSA-x6v2-xmrq-574j was published for drupal/drupal (Composer) May 15, 2024
Drupal Content moderation Access bypass Moderate
GHSA-86xw-vmcx-9mj4 was published for drupal/drupal (Composer) May 15, 2024
Drupal External URL injection through URL aliases leading to Open Redirect Moderate
GHSA-r67r-42wx-c8r7 was published for drupal/drupal (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database