Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,176
Erlang
30
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

198 advisories

Loading
Symfony vulnerable to open redirect via browser-sanitized URLs Low
CVE-2024-50345 was published for symfony/http-foundation (Composer) Nov 6, 2024
nicolas-grekas
Symfony has an incorrect response from Validator when input ends with `\n` Low
CVE-2024-50343 was published for symfony/symfony (Composer) Nov 6, 2024
alexandre-daubois
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient Low
CVE-2024-50342 was published for symfony/http-client (Composer) Nov 6, 2024
nicolas-grekas zozs
Symfony's `Security::login` does not take into account custom `user_checker` Low
CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024
94noni xabbuh
Funadmin Cross-site Scripting vulnerability Low
CVE-2024-48228 was published for funadmin/funadmin (Composer) Oct 26, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
Magento Open Source Improper Access Control vulnerability Low
CVE-2024-45149 was published for magento/community-edition (Composer) Oct 10, 2024
Denial of Service in TYPO3 Bookmark Toolbar Low
CVE-2024-34537 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader bnf
Eichner
Information Disclosure in TYPO3 Page Tree Low
CVE-2024-47780 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader jpmschuler
Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code Low
CVE-2024-45960 was published for tribalsystems/zenario (Composer) Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript Low
CVE-2024-45962 was published for october/october (Composer) Oct 2, 2024
Zenario Cross Site Scripting in the Image library Low
CVE-2024-45964 was published for tribalsystems/zenario (Composer) Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature Low
CVE-2024-47526 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
Cross site scripting in Concrete CMS Low
CVE-2024-7398 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Cross site scripting in Concrete CMS Low
CVE-2024-8291 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-7512 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName Low
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF Low
CVE-2024-41811 was published for ipl/web (Composer) Aug 5, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services Low
CVE-2024-39324 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
October System module has an Open Redirect for Administrator Accounts Low
CVE-2024-24764 was published for october/system (Composer) Jun 26, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header Low
CVE-2024-25637 was published for october/system (Composer) Jun 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database