Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,718
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,945
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,912 advisories

silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source) High
GHSA-xc69-p8fc-m6m5 was published for silverstripe/subsites (Composer) May 28, 2024
silverstripe/taxonomy SQL Injection vulnerability High
GHSA-p2v5-xcqm-4fv6 was published for silverstripe/taxonomy (Composer) May 28, 2024
silverstripe/userforms file upload exposure on UserForms module Moderate
GHSA-55pp-293f-3365 was published for silverstripe/userforms (Composer) May 28, 2024
Denial of service of Minder Server from maliciously crafted GitHub attestations Moderate
CVE-2024-35238 was published for github.com/stacklok/minder (Go) May 28, 2024
AdamKorcz DavidKorczynski
formwork Cross-site scripting vulnerability in Markdown fields Moderate
CVE-2024-35621 was published for getformwork/formwork (Composer) May 28, 2024
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter High
CVE-2024-35231 was published for rack-contrib (RubyGems) May 28, 2024
Sim4n6 ioquatix
OpenAPI Generator Online - Arbitrary File Read/Delete High
CVE-2024-35219 was published for org.openapitools:openapi-generator-online (Maven) May 28, 2024
stefan-schiller-sonarsource
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath
silverstripe/graphql Cross-Site Request Forgery vulnerability High
GHSA-wjg9-v8cf-f5q2 was published for silverstripe/graphql (Composer) May 28, 2024
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector High
GHSA-265q-222x-52m6 was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework has possible denial of service attack vector when flushing High
GHSA-cwgq-83w5-8jfq was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework may disclose database credentials during connection failure Moderate
GHSA-m2hh-2m46-x6j5 was published for silverstripe/framework (Composer) May 28, 2024
silverstripe/framework allows upload of dangerous file types High
GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework vulnerable to member disclosure in login form Moderate
GHSA-crr3-h4m8-7f56 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework sends passwords back to browsers under some circumstances Low
GHSA-vh7q-j8p5-2h4h was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework uploaded PHP script execution in assets Moderate
GHSA-f43j-8hq4-2xj9 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework code execution vulnerability High
GHSA-vgxh-x8jv-hmff was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms Moderate
GHSA-r3pr-fh25-wrfc was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework Privilege Escalation Risk in Member Edit form Moderate
GHSA-xpff-c35g-j3cr was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded Moderate
GHSA-55qg-6c4m-mw6g was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework SQL injection in full text search High
GHSA-xx4r-5265-48j6 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt Moderate
GHSA-ph62-fv59-vf9h was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework CSV Excel Macro Injection High
GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms High
GHSA-7m2v-x7rg-5hm5 was published for silverstripe/framework (Composer) May 27, 2024
ProTip! Advisories are also available from the GraphQL API