GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
18,899 advisories
silverstripe/framework allows upload of dangerous file types
Severity: High. GHSA-vcg6-8fxc-x5cq was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework vulnerable to member disclosure in login form
Severity: Moderate. GHSA-crr3-h4m8-7f56 was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework sends passwords back to browsers under some circumstances
Severity: Low. GHSA-vh7q-j8p5-2h4h was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework uploaded PHP script execution in assets
Severity: Moderate. GHSA-f43j-8hq4-2xj9 was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework code execution vulnerability
Severity: High. GHSA-vgxh-x8jv-hmff was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework BackURL validation bypass with malformed URLs
Severity: High. GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Severity: Moderate. GHSA-r3pr-fh25-wrfc was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework Privilege Escalation Risk in Member Edit form
Severity: Moderate. GHSA-xpff-c35g-j3cr was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Severity: Moderate. GHSA-55qg-6c4m-mw6g was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework SQL injection in full text search
Severity: High. GHSA-xx4r-5265-48j6 was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Severity: Moderate. GHSA-ph62-fv59-vf9h was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework CSV Excel Macro Injection
Severity: High. GHSA-mqjc-x563-c9q8 was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
Severity: High. GHSA-7m2v-x7rg-5hm5 was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework's User-Agent header not correctly invalidating user session
Severity: High. GHSA-4qx8-j9vh-2628 was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Severity: Moderate. GHSA-c4c3-j73v-634r was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage
Severity: Moderate. GHSA-pp7q-6j3f-74vj was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
Severity: Moderate. GHSA-r85g-7jpv-8xrx was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework has Cross-site Scripting vulnerability in page name
Severity: Moderate. GHSA-hhvj-mcrx-3vcf was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework member disclosure in login form
Severity: Moderate. GHSA-g84q-cq55-xwgp was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
Severity: Moderate. GHSA-468j-6jrc-2rjx was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework's `Member.Name` is not escaped
Severity: Moderate. GHSA-r9vp-fp72-xgf7 was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Severity: Low. GHSA-5r8w-66hq-rc39 was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework missing ACL on reports
Severity: Moderate. GHSA-52cx-hpc5-cxwc was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Severity: Moderate. GHSA-p5h2-vr99-xm99 was published for silverstripe/framework (Composer) on May 27, 2024

silverstripe/framework password encryption salt not updated
Severity: Low. GHSA-f3wp-xpv2-6vmg was published for silverstripe/framework (Composer) on May 27, 2024