Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21 advisories

Loading
Contao Insert tag injection in forms Moderate
CVE-2020-25768 was published for contao/contao (Composer) Sep 24, 2020
Authenticated remote code execution Moderate
GHSA-pjj4-jjgc-h3r8 was published for shopware/platform (Composer) Mar 12, 2021
Mautic vulnerable to secret data exfiltration via symfony parameters Moderate
CVE-2021-27908 was published for mautic/core (Composer) Apr 6, 2021
Gregy fedys
Client-Side JavaScript Prototype Pollution in oro/platform Moderate
CVE-2021-43852 was published for oro/platform (Composer) Jan 6, 2022
Moodle Does Not Escape Characters In Email Headers Moderate
CVE-2016-5013 was published for moodle/moodle (Composer) May 13, 2022
SilverStripe CSV Excel Macro Injection Moderate
CVE-2017-18049 was published for silverstripe/framework (Composer) May 14, 2022
Magento 2 Community Edition Injection Vulnerability Moderate
CVE-2019-7889 was published for magento/community-edition (Composer) May 24, 2022
Zenario CMS vulnerable to CRLF injection Moderate
CVE-2015-3154 was published for zendframework/zend-http (Composer) May 24, 2022
MediaWiki makeCollapsible allows applying event handler to any CSS selector Moderate
CVE-2020-10960 was published for mediawiki/core (Composer) May 24, 2022
anonymous4ACL24
Feehi CMS host header injection vulnerability Moderate
CVE-2022-38796 was published for feehi/cms (Composer) Sep 15, 2022
Froxlor vulnerable to Argument Injection Moderate
CVE-2022-4864 was published for froxlor/froxlor (Composer) Dec 31, 2022
omeka/omeka-s Improper Input Validation vulnerability Moderate
CVE-2023-4157 was published for omeka/omeka-s (Composer) Aug 4, 2023
Contao: Insufficient BBCode sanitizer Moderate
CVE-2024-28234 was published for contao/comments-bundle (Composer) Apr 9, 2024
m-vo
Pusher Service Channel Authentication Bypass Moderate
GHSA-7v7m-pcw5-h3cg was published for pusher/pusher-php-server (Composer) May 20, 2024
SimpleSAMLphp Link Injection vulnerability Moderate
GHSA-v858-922f-fj9v was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension Moderate
GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) May 29, 2024
ZendFramework Potential Proxy Injection Vulnerabilities Moderate
GHSA-mg7h-9qfx-4r83 was published for zendframework/zendframework (Composer) Jun 7, 2024
ZendFramework potential remote code execution in zend-mail via Sendmail adapter Moderate
GHSA-gff2-p6vm-3p8g was published for zendframework/zendframework (Composer) Jun 7, 2024
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
Symfony allows changing the environment through a query Moderate
CVE-2024-50340 was published for symfony/runtime (Composer) Nov 6, 2024
wouterj
Moodle vulnerable to cache poisoning via injection into storage Moderate
CVE-2024-43428 was published for moodle/moodle (Composer) Nov 7, 2024
ProTip! Advisories are also available from the GraphQL API