GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
959 advisories
Jupyter server on Windows discloses Windows user password hash
High • CVE-2024-35178 was published for jupyter_server (pip) • Jun 6, 2024

Password hash exposed in CraftCMS two factor authentication plugin
Low • CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) • Jun 6, 2024

BoringSSLAEADContext in Netty Repeats Nonces
Moderate • CVE-2024-36121 was published for io.netty.incubator:netty-incubator-codec-ohttp (Maven) • Jun 5, 2024

Typo3 Arbitrary File Disclosure in Form Component
Moderate • GHSA-wrpf-2x8h-82gr was published for typo3/cms (Composer) • Jun 4, 2024

Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
High • GHSA-4vrx-8phj-x3mg was published for org.keycloak:keycloak-services (Maven) • Jun 3, 2024 • withdrawn

Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
Moderate • CVE-2024-35189 was published for ethyca-fides (pip) • Jun 2, 2024

Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate • CVE-2024-34002 was published for moodle/moodle (Composer) • May 31, 2024

Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate • CVE-2024-34004 was published for moodle/moodle (Composer) • May 31, 2024

Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate • CVE-2024-34005 was published for moodle/moodle (Composer) • May 31, 2024

Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate • CVE-2024-34003 was published for moodle/moodle (Composer) • May 31, 2024

TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure
Moderate • GHSA-pqfv-97hj-g97g was published for typo3/cms (Composer) • May 30, 2024

TYPO3 Information Disclosure Vulnerability Exploitable by Editors
Moderate • GHSA-r287-hc8j-w56h was published for typo3/cms (Composer) • May 30, 2024

TYPO3 Disclosure of Information about Installed Extensions
Moderate • GHSA-p2h4-7fp3-cmh8 was published for typo3/cms-core (Composer) • May 30, 2024

TYPO3 Information Disclosure in Page Tree
Moderate • GHSA-wvvp-jwf5-qcpc was published for typo3/cms-core (Composer) • May 30, 2024

TYPO3 Information Disclosure in Install Tool
Moderate • GHSA-66c2-7g4p-wx4p was published for typo3/cms-core (Composer) • May 30, 2024

Symfony allows direct access of ESI URLs behind a trusted proxy
High • CVE-2014-5245 was published for symfony/http-kernel (Composer) • May 30, 2024

MinIO information disclosure vulnerability
Moderate • CVE-2024-36107 was published for github.com/minio/minio (Go) • May 29, 2024

silverstripe/userforms file upload exposure on UserForms module
Moderate • GHSA-55pp-293f-3365 was published for silverstripe/userforms (Composer) • May 28, 2024

silverstripe/framework vulnerable to member disclosure in login form
Moderate • GHSA-crr3-h4m8-7f56 was published for silverstripe/framework (Composer) • May 27, 2024

silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Moderate • GHSA-r3pr-fh25-wrfc was published for silverstripe/framework (Composer) • May 27, 2024

silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Moderate • GHSA-55qg-6c4m-mw6g was published for silverstripe/framework (Composer) • May 27, 2024

silverstripe/framework member disclosure in login form
Moderate • GHSA-g84q-cq55-xwgp was published for silverstripe/framework (Composer) • May 27, 2024

jupyter-scheduler's endpoint is missing authentication
Moderate • CVE-2024-28188 was published for jupyter-scheduler (pip) • May 23, 2024

Dapr API Token Exposure
Moderate • CVE-2024-35223 was published for github.com/dapr/dapr (Go) • May 22, 2024
ProTip! Advisories are also available from the GraphQL API.