GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,696
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,886 advisories
silverstripe/framework's User-Agent header not correctly invalidating user session
High · GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Moderate · GHSA-c4c3-j73v-634r was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage
Moderate · GHSA-pp7q-6j3f-74vj was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
Moderate · GHSA-r85g-7jpv-8xrx was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework has Cross-site Scripting vulnerability in page name
Moderate · GHSA-hhvj-mcrx-3vcf was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework member disclosure in login form
Moderate · GHSA-g84q-cq55-xwgp was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
Moderate · GHSA-468j-6jrc-2rjx was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework's `Member.Name` is not escaped
Moderate · GHSA-r9vp-fp72-xgf7 was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Low · GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework missing ACL on reports
Moderate · GHSA-52cx-hpc5-cxwc was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Moderate · GHSA-p5h2-vr99-xm99 was published for silverstripe/framework (Composer) · May 27, 2024

silverstripe/framework password encryption salt not updated
Low · GHSA-f3wp-xpv2-6vmg was published for silverstripe/framework (Composer) · May 27, 2024

SilverStripe comments module includes version of jQuery vulnerable to Cross-site Scripting
Moderate · GHSA-frm9-7pm9-5rgc was published for silverstripe/comments (Composer) · May 27, 2024

github.com/huandu/facebook may expose access_token in error message.
Low · CVE-2024-35232 was published for github.com/huandu/facebook/v2 (Go) · May 24, 2024

Soot Infinite Loop vulnerability
High · CVE-2023-46442 was published for org.soot-oss:soot (Maven) · May 24, 2024

Kwik does not discard unused encryption keys
Moderate · CVE-2024-22588 was published for tech.kwik:kwik (Maven) · May 24, 2024

Jenkins Report Info Plugin Path Traversal vulnerability
Moderate · CVE-2024-5273 was published for org.jenkins-ci.plugins:report-info (Maven) · May 24, 2024

PHP Server Monitor vulnerable to Cross-site Scripting
Moderate · CVE-2024-5312 was published for phpservermon/phpservermon (Composer) · May 24, 2024

Dolibarr vulnerable to SQL Injection
Critical · CVE-2024-5315 was published for dolibarr/dolibarr (Composer) · May 24, 2024

Dolibarr vulnerable to SQL Injection
Critical · CVE-2024-5314 was published for dolibarr/dolibarr (Composer) · May 24, 2024

vxe-table Cross-site Scripting vulnerability
Low · CVE-2023-1001 was published for vxe-table (npm) · May 24, 2024

Pug allows JavaScript code execution if an application accepts untrusted input
High · CVE-2024-36361 was published for pug (npm) · May 24, 2024

silverstripe/framework ReadOnly transformation for formfields exploitable
Moderate · GHSA-97jm-g33h-f46g was published for silverstripe/framework (Composer) · May 23, 2024

Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter
Moderate · GHSA-mpqj-f4v3-334h was published for silverstripe/framework (Composer) · May 23, 2024

Silverstripe Missing CSRF protection in login form
Moderate · GHSA-vj2j-6g3w-4662 was published for silverstripe/framework (Composer) · May 23, 2024
ProTip! Advisories are also available from the GraphQL API