Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
41
Go
3,039
Maven
5,000+
npm
4,779
NuGet
824
pip
4,380
Pub
12
RubyGems
987
Rust
1,143
Swift
50
Unreviewed advisories
All unreviewed
5,000+

8 advisories

Loading
Chrome PHP is missing encoding in `CssSelector` Moderate
CVE-2025-48883 was published for chrome-php/chrome (Composer) May 28, 2025
divinity76 Credited to divinity76, GrahamCampbell, and enricodias GrahamCampbell GrahamCampbell
enricodias enricodias
Slow String Operations via MultiPart Requests in Event-Driven Functions Moderate
CVE-2024-29186 was published for bref/bref (Composer) Mar 22, 2024
smaury Credited to smaury, mnapoli, rcambien, and GrahamCampbell mnapoli mnapoli
rcambien rcambien GrahamCampbell GrahamCampbell
Improper Input Validation in guzzlehttp/psr7 Moderate
CVE-2022-24775 was published for guzzlehttp/psr7 (Composer) Mar 25, 2022
TimWolla Credited to TimWolla and GrahamCampbell GrahamCampbell GrahamCampbell
Improper header name validation in guzzlehttp/psr7 Moderate
CVE-2023-29197 was published for guzzlehttp/psr7 (Composer) Apr 19, 2023
Nyholm Credited to Nyholm, TimWolla, and GrahamCampbell TimWolla TimWolla
GrahamCampbell GrahamCampbell
HTTP Multiline Header Termination High
CVE-2023-29530 was published for laminas/laminas-diactoros (Composer) Apr 24, 2023
GrahamCampbell Credited to GrahamCampbell and TimWolla TimWolla TimWolla
Insecure header validation in slim/psr7 Moderate
CVE-2023-30536 was published for slim/psr7 (Composer) Apr 18, 2023
GrahamCampbell Credited to GrahamCampbell, akrabat, and williamdes akrabat akrabat
williamdes williamdes
Failure to strip the Cookie header on change in host or HTTP downgrade High
CVE-2022-31042 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell Credited to GrahamCampbell and am0o0 am0o0 am0o0
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell Credited to GrahamCampbell
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database