Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,732
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

107,452 advisories

symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension Moderate
GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) May 29, 2024
Sylius Admin Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-945h-6vcv-pc8h was published for sylius/admin-bundle (Composer) May 29, 2024
Sylius Resource Bundle Cross-Site Request Forgery vulnerability Moderate
GHSA-65v7-wg35-2qpm was published for sylius/resource-bundle (Composer) May 29, 2024
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects Moderate
CVE-2024-36112 was published for nautobot (pip) May 29, 2024
MinIO information disclosure vulnerability Moderate
CVE-2024-36107 was published for github.com/minio/minio (Go) May 29, 2024
stefansundin shtripat
Aimeos denial of service vulnerability in SaaS and marketplace setups Moderate
GHSA-xjm6-jfmg-qc6p was published for aimeos/aimeos-core (Composer) May 29, 2024
stormpath/sdk uses Insecure Random Number Generator Moderate
GHSA-q8fc-v85f-78pw was published for stormpath/sdk (Composer) May 29, 2024
ScnSocialAuth Cross-site Scripting vulnerability in login redirect param Moderate
GHSA-g6f5-4w43-2x63 was published for socalnick/scn-social-auth (Composer) May 29, 2024
SimpleSAMLphp Information Disclosure vulnerability Moderate
GHSA-ppm4-r2vc-pg74 was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
rockhopper Buffer Overflow vulnerability Moderate
CVE-2022-4969 was published for rockhopper (pip) May 28, 2024
dbt allows Binding to an Unrestricted IP Address via socketsocket Moderate
CVE-2024-36105 was published for dbt-core (pip) May 28, 2024
ericwb
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality Moderate
CVE-2024-35240 was published for Umbraco.Commerce (NuGet) May 28, 2024
SimpleSAMLphp Reflected Cross-site Scripting vulnerability Moderate
GHSA-vpr3-cw3h-prw8 was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
SimpleSAMLphp exposes credentials in session storage Moderate
GHSA-7wh8-jrq7-p27f was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
SimpleSAMLphp Link Injection vulnerability Moderate
GHSA-v858-922f-fj9v was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
silverstripe/userforms file upload exposure on UserForms module Moderate
GHSA-55pp-293f-3365 was published for silverstripe/userforms (Composer) May 28, 2024
Denial of service of Minder Server from maliciously crafted GitHub attestations Moderate
CVE-2024-35238 was published for github.com/stacklok/minder (Go) May 28, 2024
AdamKorcz DavidKorczynski
formwork Cross-site scripting vulnerability in Markdown fields Moderate
CVE-2024-35621 was published for getformwork/formwork (Composer) May 28, 2024
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath
silverstripe/framework may disclose database credentials during connection failure Moderate
GHSA-m2hh-2m46-x6j5 was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework vulnerable to member disclosure in login form Moderate
GHSA-crr3-h4m8-7f56 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework uploaded PHP script execution in assets Moderate
GHSA-f43j-8hq4-2xj9 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms Moderate
GHSA-r3pr-fh25-wrfc was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework Privilege Escalation Risk in Member Edit form Moderate
GHSA-xpff-c35g-j3cr was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded Moderate
GHSA-55qg-6c4m-mw6g was published for silverstripe/framework (Composer) May 27, 2024
ProTip! Advisories are also available from the GraphQL API