Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,978
Maven
5,000+
npm
3,698
NuGet
656
pip
3,315
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Improper authentication in Symfony High
CVE-2019-10911 was published for symfony/security (Composer) Feb 12, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID High
CVE-2018-10189 was published for mautic/core (Composer) Jan 19, 2021
micschk
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
Unrestricted access to predictable file paths in hov/jobfair High
CVE-2021-43564 was published for hov/jobfair (Composer) Nov 15, 2021
Exposure of Sensitive Information to an Unauthorized Actor in microweber High
CVE-2022-0281 was published for microweber/microweber (Composer) Jan 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin High
CVE-2022-0813 was published for phpmyadmin/phpmyadmin (Composer) Mar 11, 2022
Moodle uses predictable password-recovery tokens High
CVE-2015-5267 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
October CMS Local File Inclusion High
CVE-2018-1999009 was published for october/october (Composer) May 13, 2022
LFI in PHP-Proxy 5.1.0 High
CVE-2018-19246 was published for athlon1600/php-proxy (Composer) May 14, 2022
Drupal Comment reply form allows access to restricted content High
CVE-2017-6926 was published for drupal/core (Composer) May 14, 2022
Dolibarr sensitive information disclosure High
CVE-2017-17898 was published for dolibarr/dolibarr (Composer) May 14, 2022
Zend Framework Information Disclosure High
CVE-2015-7503 was published for zendframework/zend-crypt (Composer) May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure High
CVE-2017-14240 was published for dolibarr/dolibarr (Composer) May 17, 2022
phpBB vulnerable to sensitive information disclosure High
CVE-2008-6507 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
Wikimedia information leak vulnerability High
CVE-2019-12474 was published for mediawiki/core (Composer) May 24, 2022
Magento 2 Community Edition Information Leak High
CVE-2019-7951 was published for magento/community-edition (Composer) May 24, 2022
Gravity Forms plugin leak hashed passwords High
CVE-2020-13764 was published for wp-premium/gravityforms (Composer) May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Magento defense-in-depth security mitigation vulnerability High
CVE-2020-9591 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database