GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
Improper Access Control in moodle
High
CVE-2020-25698
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control
High
CVE-2021-25956
was published
for
dolibarr/dolibarr
(Composer)
Sep 2, 2021
User can obtain JWT token even if account is disabled
High
GHSA-36mj-6r7r-mqhf
was published
for
ezsystems/ezplatform-rest
(Composer)
Sep 29, 2021
Drupal core access bypass vulnerability
High
CVE-2020-13677
was published
for
drupal/core
(Composer)
Feb 12, 2022
Improper Access Control in librenms
High
CVE-2022-0580
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
High
CVE-2022-25481
was published
for
topthink/framework
(Composer)
Mar 22, 2022
Incorrect Authorization in microweber
High
CVE-2022-1631
was published
for
microweber/microweber
(Composer)
May 10, 2022
Drupal access bypass vulnerability
High
CVE-2017-6930
was published
for
drupal/core
(Composer)
May 13, 2022
Drupal access control bypass vulnerability
High
CVE-2017-6919
was published
for
drupal/core
(Composer)
May 13, 2022
Drupal Node Validation Bypass in the node module API
High
CVE-2008-4793
was published
for
drupal/drupal
(Composer)
May 17, 2022
Drupal File upload access bypass and denial of service
High
CVE-2016-3162
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Form API ignores access restrictions on submit buttons
High
CVE-2016-3165
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Access Control Bypass
High
CVE-2011-2687
was published
for
drupal/core
(Composer)
May 17, 2022
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
High
CVE-2010-3714
was published
for
typo3/cms
(Composer)
May 17, 2022
MediaWiki Incorrect Access Control vulnerability
High
CVE-2019-12472
was published
for
mediawiki/core
(Composer)
May 24, 2022
Moodle incorrect access control
High
CVE-2020-25629
was published
for
moodle/moodle
(Composer)
May 24, 2022
Magento Improper Access Control vulnerability
High
CVE-2022-34255
was published
for
magento/community-edition
(Composer)
Aug 17, 2022
Flarum post mentions can be used to read any post on the forum without access control
High
CVE-2023-22487
was published
for
flarum/mentions
(Composer)
Jan 10, 2023
Moodle Improper Access Control vulnerability
High
CVE-2023-23923
was published
for
moodle/moodle
(Composer)
Feb 17, 2023
RosarioSIS Improper Access Control vulnerability
High
CVE-2023-0994
was published
for
francoisjacquet/rosariosis
(Composer)
Feb 24, 2023
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Dolibarr vulnerable to Cross-Site Request Forgery
High
CVE-2024-31503
was published
for
dolibarr/dolibarr
(Composer)
Apr 17, 2024
BookStack Incorrect Access Control vulnerability
High
CVE-2024-36676
was published
for
ssddanbrown/bookstack
(Composer)
Jul 10, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control
High
CVE-2024-38909
was published
for
studio-42/elfinder
(Composer)
Jul 30, 2024
ProTip!
Advisories are also available from the
GraphQL API