GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,901
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,047
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
19,185 advisories
ZendFramework vulnerable to Cross-site Scripting (Moderate): GHSA-5gmf-3c43-q73v was published for zendframework/zendframework (Composer), Jun 7, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter (Moderate): GHSA-gff2-p6vm-3p8g was published for zendframework/zendframework (Composer), Jun 7, 2024
ZendFramework Potential Proxy Injection Vulnerabilities (Moderate): GHSA-mg7h-9qfx-4r83 was published for zendframework/zendframework (Composer), Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability (Moderate): GHSA-2fhr-8r8r-qp56 was published for zendframework/zendframework (Composer), Jun 7, 2024
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations (High): GHSA-x2f4-8wxf-w3vf was published for zendframework/zendframework (Composer), Jun 7, 2024
Zendframework vulnerable to XXE/XEE attacks (Critical): GHSA-qc7w-4567-84wv was published for zendframework/zendframework (Composer), Jun 7, 2024
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities (High): GHSA-xg9w-r469-m455 was published for zendframework/zendframework (Composer), Jun 7, 2024
Zendframework session validation vulnerability (Moderate): GHSA-62f6-h68r-3jpw was published for zendframework/zendframework (Composer), Jun 7, 2024
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc` (High): GHSA-jq87-2wxp-8349 was published for zendframework/zendframework (Composer), Jun 7, 2024
Zendframework has potential Cross-site Scripting vector in multiple view helpers (Moderate): GHSA-8q77-cv62-jj38 was published for zendframework/zendframework (Composer), Jun 7, 2024
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress` (High): GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer), Jun 7, 2024
TYPO3 Denial of Service in Online Media Asset Handling (Moderate): GHSA-f3wf-q4fj-3gxf was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Information Disclosure in Install Tool (Moderate): GHSA-6487-3qvg-8px9 was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Security Misconfiguration in Install Tool Cookie (High): GHSA-f777-f784-36gm was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Cross-Site Scripting in Frontend User Login (Moderate): GHSA-2rcw-9hrm-8q7q was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component (Moderate): GHSA-7q33-hxwj-7p8v was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering (Moderate): GHSA-8m6j-p5jv-v69w was published for typo3/cms (Composer), Jun 7, 2024
Symlink bypasses filesystem sandbox (Low): GHSA-55f3-3qvg-8pv5 was published for wasmer (Rust), Jun 7, 2024
Cross-site scripting (XSS) vulnerability in Description metadata (Moderate): CVE-2024-37160 was published for getformwork/formwork (Composer), Jun 7, 2024
TYPO3 Arbitrary Code Execution via File List Module (High): GHSA-8h4m-r4wm-xj7r was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Denial of Service in Frontend Record Registration (High): GHSA-g585-crjf-vhwq was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Information Disclosure of Installed Extensions (Moderate): GHSA-f624-8hfq-5fh3 was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Cross-Site Scripting in Form Framework validation handling (Moderate): GHSA-v8m4-3w37-ghxx was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Cross-Site Scripting in Form Framework (Moderate): GHSA-4h5c-5g25-v7fh was published for typo3/cms (Composer), Jun 7, 2024
TYPO3 Security Misconfiguration for Backend User Accounts (High): GHSA-c5mj-39cf-3pp5 was published for typo3/cms (Composer), Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API