GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,627
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,848
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+
29,566 advisories
Filter by severity
TYPO3 Information Disclosure in Install Tool
Moderate
GHSA-66c2-7g4p-wx4p
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration in Install Tool Cookie
High
GHSA-ppvg-hw62-6ph9
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Frontend User Login
Moderate
GHSA-8c25-vj2w-p72j
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component
Moderate
GHSA-g4c9-qfvw-fmr4
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 CMS Insecure Deserialization
High
GHSA-96jg-pmc4-cx39
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Moderate
GHSA-wg8h-gxf4-g4gh
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 CMS Privilege Escalation and SQL Injection
High
GHSA-45wj-jv2h-jwrf
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Critical
GHSA-cc97-g92w-jm65
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 CMS Authentication Bypass vulnerability
High
GHSA-x4rj-f7m6-42c3
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Twig Path Traversal vulnerability in the filesystem loader
Moderate
GHSA-7cvr-xhm5-x998
was published
for
twig/twig
(Composer)
May 30, 2024
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
Critical
GHSA-q3jm-v27q-jfww
was published
for
titon/framework
(Composer)
May 30, 2024
Thelia authentication bypass vulnerability
High
GHSA-g8pg-33v4-9r96
was published
for
thelia/thelia
(Composer)
May 30, 2024
Thelia BackOffice default template vulnerable to Cross-site Scripting
Moderate
GHSA-pp7v-wxx9-hm6r
was published
for
thelia/backoffice-default-template
(Composer)
May 30, 2024
Thelia Cross-site Scripting vulnerability in BackOffice
Moderate
GHSA-vq4j-qcx7-ppc6
was published
for
thelia/thelia
(Composer)
May 30, 2024
Duplicate Advisory: terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Critical
GHSA-7fpj-wc8v-9cgc
was published
for
terminal42/contao-tablelookupwizard
(Composer)
May 30, 2024
•
withdrawn
symfony/validator XML Entity Expansion vulnerability
High
GHSA-4vf2-qfg3-7598
was published
for
symfony/validator
(Composer)
May 30, 2024
symfony/translation XML Entity Expansion vulnerability
High
GHSA-f75p-x5vm-83qp
was published
for
symfony/translation
(Composer)
May 30, 2024
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
High
CVE-2014-6072
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony2 improper IP based access control
Moderate
GHSA-hx53-jchx-cr52
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony XML Entity Expansion security vulnerability
High
GHSA-q2gc-gg3x-7942
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-mmcv-fvq8-r9x3
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony may allow a user to switch to using another user's identity
Moderate
GHSA-7mx2-7q8p-pgmw
was published
for
symfony/symfony
(Composer)
May 30, 2024
Symfony XML decoding attack vector through external entities
Critical
GHSA-j68w-pg49-f6vx
was published
for
symfony/serializer
(Composer)
May 30, 2024
Symfony XXE security vulnerability
High
GHSA-rjpm-qmq7-q85w
was published
for
symfony/routing
(Composer)
May 30, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy
High
CVE-2014-5245
was published
for
symfony/http-kernel
(Composer)
May 30, 2024
ProTip!
Advisories are also available from the
GraphQL API