Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,720
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,945
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

92,737 advisories

silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source) High
GHSA-xc69-p8fc-m6m5 was published for silverstripe/subsites (Composer) May 28, 2024
silverstripe/taxonomy SQL Injection vulnerability High
GHSA-p2v5-xcqm-4fv6 was published for silverstripe/taxonomy (Composer) May 28, 2024
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter High
CVE-2024-35231 was published for rack-contrib (RubyGems) May 28, 2024
Sim4n6 ioquatix
OpenAPI Generator Online - Arbitrary File Read/Delete High
CVE-2024-35219 was published for org.openapitools:openapi-generator-online (Maven) May 28, 2024
stefan-schiller-sonarsource
silverstripe/graphql Cross-Site Request Forgery vulnerability High
GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) May 28, 2024
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector High
GHSA-265q-222x-52m6 was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework has possible denial of service attack vector when flushing High
GHSA-cwgq-83w5-8jfq was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework allows upload of dangerous file types High
GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework code execution vulnerability High
GHSA-vgxh-x8jv-hmff was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework SQL injection in full text search High
GHSA-xx4r-5265-48j6 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework CSV Excel Macro Injection High
GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms High
GHSA-7m2v-x7rg-5hm5 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's User-Agent header not correctly invalidating user session High
GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) May 27, 2024
Soot Infinite Loop vulnerability High
CVE-2023-46442 was published for org.soot-oss:soot (Maven) May 24, 2024
Pug allows JavaScript code execution if an application accepts untrusted input High
CVE-2024-36361 was published for pug (npm) May 24, 2024
davidrunger
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-4471 was published May 23, 2024
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object... High Unreviewed
CVE-2024-5085 was published May 23, 2024
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is... High Unreviewed
CVE-2024-4779 was published May 23, 2024
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds... High Unreviewed
CVE-2024-30280 was published May 23, 2024
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds... High Unreviewed
CVE-2024-30279 was published May 23, 2024
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and... High Unreviewed
CVE-2024-4835 was published May 23, 2024
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is... High Unreviewed
CVE-2024-2038 was published May 23, 2024
The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up... High Unreviewed
CVE-2024-4347 was published May 23, 2024
ProTip! Advisories are also available from the GraphQL API