GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,227 advisories

s2n-tls has potentially observable differences in RSA premaster secret handling Low
GHSA-52xf-5p2m-9wrv was published for s2n-tls (Rust) Jun 6, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
Improper Authentication in CraftCMS two factor authentication plugin Moderate
CVE-2024-5658 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
typo3 Security fix for Flow Swift Mailer package High
GHSA-xjw3-5r5c-m5ph was published for typo3/swiftmailer (Composer) Jun 5, 2024
Insecure Unserialize Vulnerability in FLOW3 Moderate
GHSA-m2hp-5x78-74mg was published for typo3/flow (Composer) Jun 5, 2024
typo3 Information Disclosure Security Note High
GHSA-g4xv-r3qw-v3q2 was published for typo3/neos (Composer) Jun 5, 2024
Typo3 Arbitrary file upload and XML External Entity processing Moderate
GHSA-2p4f-vc9q-r5vp was published for typo3/flow (Composer) Jun 5, 2024
By-passing Protection of PharStreamWrapper Interceptor Moderate
GHSA-4v5g-8pq2-32m2 was published for typo3/phar-stream-wrapper (Composer) Jun 5, 2024
Time-Based Information Disclosure Vulnerability in Flow Moderate
GHSA-r6mm-wmhf-849m was published for typo3/flow (Composer) Jun 5, 2024
Privilege Escalation in TYPO3 Neos Moderate
GHSA-wr3c-6c22-m9v6 was published for typo3/neos (Composer) Jun 5, 2024
Flow Bugfix Releases for Entity Security High
GHSA-vh6j-wv25-8qxr was published for typo3/flow (Composer) Jun 5, 2024
Cross-Site Scripting (XSS) vulnerabilities in Neos High
GHSA-4542-p56h-8xww was published for typo3/neos (Composer) Jun 5, 2024
Typo3 Cross-Site Scripting in Language Pack Handling Moderate
GHSA-259v-xm34-p7fr was published for typo3/cms (Composer) Jun 5, 2024
Typo3 Broken Access Control in Import Module Moderate
GHSA-f5rr-9r84-wwqf was published for typo3/cms (Composer) Jun 5, 2024
Typo3 Information Disclosure in Page Tree Low
GHSA-h934-f4m4-wc8x was published for typo3/cms (Composer) Jun 5, 2024
Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API Moderate
GHSA-hww5-6x85-mc24 was published for typo3/cms (Composer) Jun 5, 2024
Typo3 Security Misconfiguration in Frontend Session Handling Moderate
GHSA-qr5f-6fcv-w69q was published for typo3/cms (Composer) Jun 5, 2024
Typo3 Security Misconfiguration in User Session Handling Moderate
GHSA-g9rv-6g56-65h8 was published for typo3/cms (Composer) Jun 5, 2024
Typo3 Information Disclosure in Backend User Interface Moderate
GHSA-q9c4-9v5m-597p was published for typo3/cms (Composer) Jun 5, 2024
Typo3 Information Disclosure in User Authentication Moderate
GHSA-m96r-7vqm-j95g was published for typo3/cms (Composer) Jun 5, 2024
Cross-Site Scripting in TYPO3 CMS Backend Moderate
GHSA-v4qr-8h2v-qpjx was published for typo3/cms (Composer) Jun 5, 2024
Cross-Site Scripting in TYPO3 CMS Moderate
GHSA-5gr6-97fv-52cc was published for typo3/cms (Composer) Jun 5, 2024
Insecure Unserialize in TYPO3 Backend Moderate
GHSA-c7rj-92xr-wprg was published for typo3/cms (Composer) Jun 5, 2024
Observable Timing Discrepancy in pypqc High
GHSA-hvh4-5qr6-3v7r was published for pypqc (pip) Jun 5, 2024
JamesTheAwesomeDude
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC High
CVE-2024-36129 was published for go.opentelemetry.io/collector/config/configgrpc (Go) Jun 5, 2024
jpkrohling arminru
mx-psi stamparm