Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

208 advisories

Loading
Reflected Cross Site Scripting (XSS) in error message Low
GHSA-74j9-xhqr-6qv3 was published for silverstripe/framework (Composer) Jan 23, 2025
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message Low
GHSA-mqf3-qpc3-g26q was published for silverstripe/framework (Composer) Jan 14, 2025
TYPO3 Information Disclosure via Exception Handling/Logger Low
CVE-2024-55891 was published for typo3/cms-install (Composer) Jan 14, 2025
ohader
Grav Cross-site Scripting vulnerability Low
CVE-2024-35498 was published for getgrav/grav (Composer) Jan 6, 2025
REDAXO CMS Cross-site Scripting vulnerability Low
CVE-2024-46209 was published for redaxo/source (Composer) Jan 6, 2025
Drupal core contains a potential PHP Object Injection vulnerability Low
CVE-2024-55636 was published for drupal/core (Composer) Dec 10, 2024
Moodle Cross-site Scripting vulnerability Low
CVE-2024-43437 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle's user/power level management inconsistent with suspended users Low
CVE-2024-43433 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has insufficient capability checks Low
CVE-2024-43435 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has user information visibility control issues in gradebook reports Low
CVE-2024-43429 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle admin presets export tool includes some secrets that should not be exported Low
CVE-2024-43427 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has insufficient access control Low
CVE-2024-43430 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle authorization headers preserved between "emulated redirects" Low
CVE-2024-43432 was published for moodle/moodle (Composer) Nov 11, 2024
Filament has exported files stored in default (`public`) filesystem if not reconfigured Low
CVE-2024-51758 was published for filament/actions (Composer) Nov 7, 2024
danharrin catferq
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled Low
CVE-2024-51755 was published for twig/twig (Composer) Nov 6, 2024
maantje nicolas-grekas
G-Rath
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje fabpot
Symfony vulnerable to open redirect via browser-sanitized URLs Low
CVE-2024-50345 was published for symfony/http-foundation (Composer) Nov 6, 2024
nicolas-grekas zer0yu
Symfony has an incorrect response from Validator when input ends with `\n` Low
CVE-2024-50343 was published for symfony/symfony (Composer) Nov 6, 2024
offscriptian alexandre-daubois
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient Low
CVE-2024-50342 was published for symfony/http-client (Composer) Nov 6, 2024
nicolas-grekas zozs
cs278
Symfony's `Security::login` does not take into account custom `user_checker` Low
CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024
94noni xabbuh
Funadmin Cross-site Scripting vulnerability Low
CVE-2024-48228 was published for funadmin/funadmin (Composer) Oct 26, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
Magento Open Source Improper Access Control vulnerability Low
CVE-2024-45149 was published for magento/community-edition (Composer) Oct 10, 2024
Denial of Service in TYPO3 Bookmark Toolbar Low
CVE-2024-34537 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader bnf
Eichner
Information Disclosure in TYPO3 Page Tree Low
CVE-2024-47780 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader jpmschuler
ProTip! Advisories are also available from the GraphQL API