Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,627
Maven
5,000+
npm
5,000+
NuGet
928
pip
4,848
Pub
13
RubyGems
1,045
Rust
1,301
Swift
53
Unreviewed advisories
All unreviewed
5,000+

29,566 advisories

Loading
Symfony has unsafe methods in the Request class Moderate
CVE-2015-2309 was published for symfony/http-foundation (Composer) May 30, 2024
Symfony has a security issue when parsing the Authorization header Moderate
CVE-2014-6061 was published for symfony/http-foundation (Composer) May 30, 2024
Symfony vulnerable to denial of service via a malicious HTTP Host header High
CVE-2014-5244 was published for symfony/http-foundation (Composer) May 30, 2024
Symfony2 security issue when the trust proxy mode is enabled Moderate
GHSA-vfm6-r2gc-pwww was published for symfony/http-foundation (Composer) May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle High
CVE-2014-4931 was published for symfony/framework-bundle (Composer) May 30, 2024
Symfony XML Entity Expansion security vulnerability High
GHSA-c636-cg5r-2498 was published for symfony/dependency-injection (Composer) May 29, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension Moderate
GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) May 29, 2024
Sylius Admin Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-945h-6vcv-pc8h was published for sylius/admin-bundle (Composer) May 29, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) May 29, 2024
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag High
CVE-2024-35226 was published for smarty/smarty (Composer) May 29, 2024
TrixterTheTux Credited to TrixterTheTux
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects Moderate
CVE-2024-36112 was published for nautobot (pip) May 29, 2024
MinIO information disclosure vulnerability Moderate
CVE-2024-36107 was published for github.com/minio/minio (Go) May 29, 2024
stefansundin Credited to stefansundin and shtripat shtripat shtripat
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf Credited to tariqajyusuf and pattisdr pattisdr pattisdr
Aimeos denial of service vulnerability in SaaS and marketplace setups Moderate
CVE-2024-37294 was published for aimeos/aimeos-core (Composer) May 29, 2024
ssshah2131 Credited to ssshah2131
Swiftmailer Sendmail transport arbitrary shell execution Critical
GHSA-4qpj-gxxg-jqg4 was published for swiftmailer/swiftmailer (Composer) May 29, 2024
stormpath/sdk uses Insecure Random Number Generator Moderate
GHSA-q8fc-v85f-78pw was published for stormpath/sdk (Composer) May 29, 2024
ScnSocialAuth Cross-site Scripting vulnerability in login redirect param Moderate
GHSA-g6f5-4w43-2x63 was published for socalnick/scn-social-auth (Composer) May 29, 2024
SimpleSAMLphp Information Disclosure vulnerability Moderate
GHSA-ppm4-r2vc-pg74 was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
ansibleguy-webui Cross-site Scripting vulnerability High
CVE-2024-36110 was published for ansibleguy-webui (pip) May 28, 2024
ntrampham Credited to ntrampham and ansibleguy ansibleguy ansibleguy
rockhopper Buffer Overflow vulnerability Moderate
CVE-2022-4969 was published for rockhopper (pip) May 28, 2024
dbt allows Binding to an Unrestricted IP Address via socketsocket Moderate
CVE-2024-36105 was published for dbt-core (pip) May 28, 2024
ericwb Credited to ericwb
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality Moderate
CVE-2024-35240 was published for Umbraco.Commerce (NuGet) May 28, 2024
RaphaelCSSilva Credited to RaphaelCSSilva
SimpleSAMLphp Reflected Cross-site Scripting vulnerability Moderate
GHSA-vpr3-cw3h-prw8 was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
Umbraco Forms components vulnerable to Stored Cross-site Scripting Low
CVE-2024-35239 was published for Umbraco.Forms (NuGet) May 28, 2024
RaphaelCSSilva Credited to RaphaelCSSilva
Mocodo vulnerable to SQL injection in `/web/generate.php` Critical
CVE-2024-35374 was published for mocodo (pip) May 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database