GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate
CVE-2024-43431
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
TYPO3 Information Disclosure in Backend User Interface
Moderate
GHSA-rv8r-8mh5-5376
was published
for
typo3/cms-core
(Composer)
May 30, 2024
SimpleSAMLphp Information Disclosure vulnerability
Moderate
GHSA-ppm4-r2vc-pg74
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
silverstripe/framework missing ACL on reports
Moderate
GHSA-52cx-hpc5-cxwc
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Moderate
CVE-2024-24822
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 7, 2024
Dolibarr Improper Input Validation vulnerability
Moderate
CVE-2023-4198
was published
for
dolibarr/dolibarr
(Composer)
Nov 1, 2023
Missing permission check of canView in GridFieldPrintButton
Moderate
CVE-2023-22728
was published
for
silverstripe/framework
(Composer)
Apr 26, 2023
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
PrestaShop has potential Information exposure in the upload directory
Moderate
CVE-2022-46158
was published
for
prestashop/prestashop
(Composer)
Dec 8, 2022
Moodle No groups filtering in H5P activity attempts report
Moderate
CVE-2022-40316
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Missing permission check in Moodle
Moderate
CVE-2021-20283
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle Email media URL tokens were not checking for user status
Moderate
CVE-2019-14883
was published
for
moodle/moodle
(Composer)
May 24, 2022
MediaWiki information disclosure
Moderate
CVE-2019-16738
was published
for
mediawiki/core
(Composer)
May 24, 2022
Moodle Ability to delete glossary entries that belong to another glossary
Moderate
CVE-2019-10187
was published
for
moodle/moodle
(Composer)
May 24, 2022
Improper Access Control in snipe/snipe-it
Moderate
CVE-2022-1511
was published
for
snipe/snipe-it
(Composer)
Apr 29, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32477
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32472
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
EC-CUBE improperly handles HTTP Host header values
Moderate
CVE-2022-25355
was published
for
ec-cube/ec-cube
(Composer)
Feb 25, 2022
Exposure of Sensitive Information to an Unauthorized Actor in librenms
Moderate
CVE-2022-0588
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Improper Privilege Management in Snipe-IT
Moderate
CVE-2022-0579
was published
for
snipe/snipe-it
(Composer)
Feb 15, 2022
Missing Authorization in Crater Invoice
Moderate
CVE-2022-0203
was published
for
bytefury/crater
(Composer)
Jan 27, 2022
Improper Access Control in snipe-it
Moderate
CVE-2022-0178
was published
for
snipe/snipe-it
(Composer)
Jan 26, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it
Moderate
CVE-2022-0179
was published
for
snipe/snipe-it
(Composer)
Jan 21, 2022
Missing Authorization in DayByDay CRM
Moderate
CVE-2022-22107
was published
for
bottelet/flarepoint
(Composer)
Jan 8, 2022
Missing Authorization in DayByDay CRM
Moderate
CVE-2022-22108
was published
for
bottelet/flarepoint
(Composer)
Jan 8, 2022
ProTip!
Advisories are also available from the
GraphQL API