Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,696
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,886 advisories

silverstripe/framework's User-Agent header not correctly invalidating user session High
GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison Moderate
GHSA-c4c3-j73v-634r was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage Moderate
GHSA-pp7q-6j3f-74vj was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL Moderate
GHSA-r85g-7jpv-8xrx was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework has Cross-site Scripting vulnerability in page name Moderate
GHSA-hhvj-mcrx-3vcf was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework member disclosure in login form Moderate
GHSA-g84q-cq55-xwgp was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField` Moderate
GHSA-468j-6jrc-2rjx was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's `Member.Name` is not escaped Moderate
GHSA-r9vp-fp72-xgf7 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled Low
GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework missing ACL on reports Moderate
GHSA-52cx-hpc5-cxwc was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()` Moderate
GHSA-p5h2-vr99-xm99 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework password encryption salt not updated Low
GHSA-f3wp-xpv2-6vmg was published for silverstripe/framework (Composer) May 27, 2024
SilverStripe comments module includes version of jQuery vulnerable to Cross-site Scripting Moderate
GHSA-frm9-7pm9-5rgc was published for silverstripe/comments (Composer) May 27, 2024
github.com/huandu/facebook may expose access_token in error message. Low
CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) May 24, 2024
seiyab
Soot Infinite Loop vulnerability High
CVE-2023-46442 was published for org.soot-oss:soot (Maven) May 24, 2024
Kwik does not discard unused encryption keys Moderate
CVE-2024-22588 was published for tech.kwik:kwik (Maven) May 24, 2024
Jenkins Report Info Plugin Path Traversal vulnerability Moderate
CVE-2024-5273 was published for org.jenkins-ci.plugins:report-info (Maven) May 24, 2024
PHP Server Monitor vulnerable to Cross-site Scripting Moderate
CVE-2024-5312 was published for phpservermon/phpservermon (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5315 was published for dolibarr/dolibarr (Composer) May 24, 2024
Dolibarr vulnerable to SQL Injection Critical
CVE-2024-5314 was published for dolibarr/dolibarr (Composer) May 24, 2024
vxe-table Cross-site Scripting vulnerability Low
CVE-2023-1001 was published for vxe-table (npm) May 24, 2024
Pug allows JavaScript code execution if an application accepts untrusted input High
CVE-2024-36361 was published for pug (npm) May 24, 2024
silverstripe/framework ReadOnly transformation for formfields exploitable Moderate
GHSA-97jm-g33h-f46g was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter Moderate
GHSA-mpqj-f4v3-334h was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe Missing CSRF protection in login form Moderate
GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) May 23, 2024
ProTip! Advisories are also available from the GraphQL API