Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

76 advisories

Loading
CodeIgniter4 Potential Session Handlers Vulnerability High
CVE-2022-46170 was published for codeigniter4/framework (Composer) Dec 22, 2022
srtnlgn
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login Moderate
CVE-2022-23501 was published for typo3/cms (Composer) Dec 13, 2022
derhansen
Concrete CMS vulnerable to Improper Authentication Moderate
CVE-2022-43690 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
Moodle type juggling vulnerability Moderate
CVE-2021-40693 was published for moodle/moodle (Composer) Sep 30, 2022
Snipe-IT vulnerable to Improper Authentication Moderate
CVE-2022-3173 was published for snipe/snipe-it (Composer) Sep 18, 2022
TYPO3 CMS missing check for expiration time of password reset token for backend users Moderate
CVE-2022-36106 was published for typo3/cms (Composer) Sep 16, 2022
infabo
Cockpit Content Platform vulnerable to 2FA bypass High
CVE-2022-2818 was published for cockpit-hq/cockpit (Composer) Aug 16, 2022
Unpublished, protected files can be published via shortcode Moderate
CVE-2022-29858 was published for silverstripe/assets (Composer) Jun 29, 2022
Magento Broken authentication and session managememt Critical
CVE-2019-8149 was published for magento/community-edition (Composer) May 24, 2022
Codiad Vulnerable to PHP Magic Hash Vulnerability High
CVE-2020-23355 was published for codiad/codiad (Composer) May 24, 2022
Moodle Oauth 2 Insufficiently Protects Against Compromise Critical
CVE-2019-14880 was published for moodle/moodle (Composer) May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts Critical
CVE-2020-7995 was published for dolibarr/dolibarr (Composer) May 24, 2022
Magento Broken authentication and session managememt Moderate
CVE-2019-8108 was published for magento/community-edition (Composer) May 24, 2022
Symfony Allows URI Restrictions Bypass Via Double-Encoded String Moderate
CVE-2012-6431 was published for symfony/http-foundation (Composer) May 17, 2022
TYPO3 Improper Session Invalidation Moderate
CVE-2014-3944 was published for typo3/cms (Composer) May 17, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability Critical
CVE-2017-8827 was published for genix/cms (Composer) May 17, 2022
Zend Access Restriction Bypass Moderate
CVE-2014-8088 was published for zendframework/zendframework (Composer) May 17, 2022
Symfony Authentication Bypass Critical
CVE-2018-11407 was published for symfony/security (Composer) May 14, 2022
Symfony Authentication Bypass Critical
CVE-2016-2403 was published for symfony/security (Composer) May 14, 2022
Unauthenticated File Read in PHP Proxy High
CVE-2018-19458 was published for athlon1600/php-proxy-app (Composer) May 14, 2022
Dolibarr allows password changes without supplying the current password Moderate
CVE-2017-8879 was published for dolibarr/dolibarr (Composer) May 13, 2022
Moodle Improper Authentication High
CVE-2018-1082 was published for moodle/moodle (Composer) May 13, 2022
Mediawiki BotPassword can bypass CentralAuth's account lock Moderate
CVE-2018-0505 was published for mediawiki/core (Composer) May 13, 2022
ThinkAdmin Administrator cookies still working after password change Critical
CVE-2019-11018 was published for zoujingli/thinkadmin (Composer) May 13, 2022
Moodle Users Can Bypass Deleted Status Moderate
CVE-2012-0797 was published for moodle/moodle (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database