GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
snipe-it is vulnerable to Improper Access Control
Moderate
CVE-2021-4089
was published
for
snipe/snipe-it
(Composer)
Dec 16, 2021
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Moderate
CVE-2020-15247
was published
for
october/cms
(Composer)
Nov 23, 2020
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Moderate
CVE-2021-21264
was published
for
october/cms
(Composer)
May 4, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12698
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12700
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in DayByDay CRM
Moderate
CVE-2022-22108
was published
for
bottelet/flarepoint
(Composer)
Jan 8, 2022
Missing Authorization in DayByDay CRM
Moderate
CVE-2022-22107
was published
for
bottelet/flarepoint
(Composer)
Jan 8, 2022
Missing Authorization in Crater Invoice
Moderate
CVE-2022-0203
was published
for
bytefury/crater
(Composer)
Jan 27, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it
Moderate
CVE-2022-0179
was published
for
snipe/snipe-it
(Composer)
Jan 21, 2022
Improper Access Control in snipe/snipe-it
Moderate
CVE-2022-1511
was published
for
snipe/snipe-it
(Composer)
Apr 29, 2022
PrestaShop has potential Information exposure in the upload directory
Moderate
CVE-2022-46158
was published
for
prestashop/prestashop
(Composer)
Dec 8, 2022
Improper Access Control in snipe-it
Moderate
CVE-2022-0178
was published
for
snipe/snipe-it
(Composer)
Jan 26, 2022
Improper Privilege Management in Snipe-IT
Moderate
CVE-2022-0579
was published
for
snipe/snipe-it
(Composer)
Feb 15, 2022
Exposure of Sensitive Information to an Unauthorized Actor in librenms
Moderate
CVE-2022-0588
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Dolibarr Improper Input Validation vulnerability
Moderate
CVE-2023-4198
was published
for
dolibarr/dolibarr
(Composer)
Nov 1, 2023
Missing permission check of canView in GridFieldPrintButton
Moderate
CVE-2023-22728
was published
for
silverstripe/framework
(Composer)
Apr 26, 2023
Missing Authorization in Drupal
Moderate
CVE-2017-6923
was published
for
drupal/core
(Composer)
Oct 10, 2019
Ability to switch customer email address on account detail page and stay verified
Moderate
CVE-2020-15245
was published
for
sylius/sylius
(Composer)
Oct 19, 2020
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Moderate
CVE-2024-24822
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 7, 2024
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32472
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Missing permission check in Moodle
Moderate
CVE-2021-20283
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32477
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Moodle No groups filtering in H5P activity attempts report
Moderate
CVE-2022-40316
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Moodle Ability to delete glossary entries that belong to another glossary
Moderate
CVE-2019-10187
was published
for
moodle/moodle
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API