GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
phpMyFAQ Improper Authentication vulnerability
Critical
CVE-2023-0311
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Account Takeover in Octobercms
High
CVE-2021-32648
was published
for
october/system
(Composer)
Aug 30, 2021
Incorrect Access Control in ImpressCMS
Moderate
CVE-2021-26598
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
Deleted Admin Can Sign In to Admin Interface
High
CVE-2021-41126
was published
for
october/october
(Composer)
Oct 6, 2021
TYPO3 CMS missing check for expiration time of password reset token for backend users
Moderate
CVE-2022-36106
was published
for
typo3/cms
(Composer)
Sep 16, 2022
Unpublished, protected files can be published via shortcode
Moderate
CVE-2022-29858
was published
for
silverstripe/assets
(Composer)
Jun 29, 2022
October CMS auth bypass and account takeover
High
CVE-2021-29487
was published
for
october/system
(Composer)
Aug 30, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control
High
CVE-2021-25956
was published
for
dolibarr/dolibarr
(Composer)
Sep 2, 2021
CodeIgniter4 Potential Session Handlers Vulnerability
High
CVE-2022-46170
was published
for
codeigniter4/framework
(Composer)
Dec 22, 2022
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
Moderate
CVE-2022-23501
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Snipe-IT vulnerable to Improper Authentication
Moderate
CVE-2022-3173
was published
for
snipe/snipe-it
(Composer)
Sep 18, 2022
Improper authentication in Symfony
High
CVE-2019-10911
was published
for
symfony/security
(Composer)
Feb 12, 2020
Authentication bypass in MAGMI
Critical
CVE-2020-5777
was published
for
dweeves/magmi
(Composer)
May 6, 2021
Unauthenticated SQL Injection in Cachet
High
CVE-2021-39165
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
Authentication Bypass in ADOdb/ADOdb
Critical
CVE-2021-3850
was published
for
adodb/adodb-php
(Composer)
Jan 27, 2022
Concrete CMS vulnerable to Improper Authentication
Moderate
CVE-2022-43690
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Incorrect Authentication in shopware
Moderate
CVE-2022-24748
was published
for
shopware/core
(Composer)
Mar 10, 2022
Unauthenticated File Read in PHP Proxy
High
CVE-2018-19458
was published
for
athlon1600/php-proxy-app
(Composer)
May 14, 2022
Cockpit Content Platform vulnerable to 2FA bypass
High
CVE-2022-2818
was published
for
cockpit-hq/cockpit
(Composer)
Aug 16, 2022
Disabled users able to log in with third party SSO plugin
High
CVE-2017-1000489
was published
for
mautic/core
(Composer)
Jan 19, 2021
Improper Authentication in moodle
Moderate
CVE-2022-0985
was published
for
moodle/moodle
(Composer)
Apr 30, 2022
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
Moodle Oauth 2 Insufficiently Protects Against Compromise
Critical
CVE-2019-14880
was published
for
moodle/moodle
(Composer)
May 24, 2022
TYPO3 extension femanager Broken Access Control vulnerability
Moderate
CVE-2023-45023
was published
for
in2code/femanager
(Composer)
Oct 4, 2023
ProTip!
Advisories are also available from the
GraphQL API