GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,869
Erlang: 29
GitHub Actions: 16
Go: 1,717
Maven: 4,951
npm: 3,480
NuGet: 605
pip: 3,026
Pub: 10
RubyGems: 832
Rust: 776
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
19,123 advisories
typo3 Security fix for Flow Swift Mailer package | High | GHSA-xjw3-5r5c-m5ph was published for typo3/swiftmailer (Composer) | Jun 5, 2024
Insecure Unserialize Vulnerability in FLOW3 | Moderate | GHSA-m2hp-5x78-74mg was published for typo3/flow (Composer) | Jun 5, 2024
typo3 Information Disclosure Security Note | High | GHSA-g4xv-r3qw-v3q2 was published for typo3/neos (Composer) | Jun 5, 2024
Typo3 Arbitrary file upload and XML External Entity processing | Moderate | GHSA-2p4f-vc9q-r5vp was published for typo3/flow (Composer) | Jun 5, 2024
By-passing Protection of PharStreamWrapper Interceptor | Moderate | GHSA-4v5g-8pq2-32m2 was published for typo3/phar-stream-wrapper (Composer) | Jun 5, 2024
Time-Based Information Disclosure Vulnerability in Flow | Moderate | GHSA-r6mm-wmhf-849m was published for typo3/flow (Composer) | Jun 5, 2024
Privilege Escalation in TYPO3 Neos | Moderate | GHSA-wr3c-6c22-m9v6 was published for typo3/neos (Composer) | Jun 5, 2024
Flow Bugfix Releases for Entity Security | High | GHSA-vh6j-wv25-8qxr was published for typo3/flow (Composer) | Jun 5, 2024
Cross-Site Scripting (XSS) vulnerabilities in Neos | High | GHSA-4542-p56h-8xww was published for typo3/neos (Composer) | Jun 5, 2024
Typo3 Cross-Site Scripting in Language Pack Handling | Moderate | GHSA-259v-xm34-p7fr was published for typo3/cms (Composer) | Jun 5, 2024
Typo3 Broken Access Control in Import Module | Moderate | GHSA-f5rr-9r84-wwqf was published for typo3/cms (Composer) | Jun 5, 2024
Typo3 Information Disclosure in Page Tree | Low | GHSA-h934-f4m4-wc8x was published for typo3/cms (Composer) | Jun 5, 2024
Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API | Moderate | GHSA-hww5-6x85-mc24 was published for typo3/cms (Composer) | Jun 5, 2024
Typo3 Security Misconfiguration in Frontend Session Handling | Moderate | GHSA-qr5f-6fcv-w69q was published for typo3/cms (Composer) | Jun 5, 2024
Typo3 Security Misconfiguration in User Session Handling | Moderate | GHSA-g9rv-6g56-65h8 was published for typo3/cms (Composer) | Jun 5, 2024
Typo3 Information Disclosure in Backend User Interface | Moderate | GHSA-q9c4-9v5m-597p was published for typo3/cms (Composer) | Jun 5, 2024
Typo3 Information Disclosure in User Authentication | Moderate | GHSA-m96r-7vqm-j95g was published for typo3/cms (Composer) | Jun 5, 2024
Cross-Site Scripting in TYPO3 CMS Backend | Moderate | GHSA-v4qr-8h2v-qpjx was published for typo3/cms (Composer) | Jun 5, 2024
Cross-Site Scripting in TYPO3 CMS | Moderate | GHSA-5gr6-97fv-52cc was published for typo3/cms (Composer) | Jun 5, 2024
Insecure Unserialize in TYPO3 Backend | Moderate | GHSA-c7rj-92xr-wprg was published for typo3/cms (Composer) | Jun 5, 2024
Observable Timing Discrepancy in pypqc | High | GHSA-hvh4-5qr6-3v7r was published for pypqc (pip) | Jun 5, 2024
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC | High | CVE-2024-36129 was published for go.opentelemetry.io/collector/config/configgrpc (Go) | Jun 5, 2024
Cache Flooding in TYPO3 Frontend | Moderate | GHSA-pw2q-qwvj-gh43 was published for typo3/cms (Composer) | Jun 5, 2024
Authentication Bypass in TYPO3 Frontend | Moderate | GHSA-mh3r-6cp5-hc2j was published for typo3/cms (Composer) | Jun 5, 2024
BoringSSLAEADContext in Netty Repeats Nonces | Moderate | CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) | Jun 5, 2024
ProTip! Advisories are also available from the GraphQL API.