GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
70 advisories
Filter by severity
Powermail TYPO3 extension Broken Access Control in the OutputController
Moderate
CVE-2024-45233
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
Moderate
CVE-2024-42354
was published
for
shopware/core
(Composer)
Aug 8, 2024
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
Moderate
CVE-2024-38873
was published
for
studiomitte/friendlycaptcha
(Composer)
Jun 21, 2024
Moodle BigBlueButton web service leaks meeting joining information
Moderate
CVE-2024-38273
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-34107
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass
Moderate
CVE-2024-30173
was published
for
causal/oidc
(Composer)
Apr 2, 2024
Improper Access Control in moodle
Moderate
CVE-2024-25980
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
Improper Access Control in moodle
Moderate
CVE-2024-25981
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Moderate
CVE-2024-25120
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Moderate
CVE-2024-24751
was published
for
derhansen/sf_event_mgt
(Composer)
Feb 13, 2024
Moodle Improper Access Control vulnerability
Moderate
CVE-2024-1439
was published
for
moodle/moodle
(Composer)
Feb 12, 2024
phpMyFAQ User Removal Page Allows Spoofing Of User Details
Moderate
CVE-2024-22202
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
Broken Access Control order API in Shopware
Moderate
CVE-2024-22407
was published
for
shopware/core
(Composer)
Jan 17, 2024
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
Moderate
CVE-2024-21667
was published
for
pimcore/customer-management-framework-bundle
(Composer)
Jan 10, 2024
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
Moderate
CVE-2024-21666
was published
for
pimcore/customer-management-framework-bundle
(Composer)
Jan 10, 2024
Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
Moderate
CVE-2024-21665
was published
for
pimcore/ecommerce-framework-bundle
(Composer)
Jan 10, 2024
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Moderate
CVE-2023-32065
was published
for
oro/commerce
(Composer)
Nov 27, 2023
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
Moderate
CVE-2023-32064
was published
for
oro/customer-portal
(Composer)
Nov 27, 2023
OroCRMCallBundle has incorrect call view page visibility
Moderate
CVE-2023-32063
was published
for
oro/crm-call-bundle
(Composer)
Nov 27, 2023
OroCalendarBundle has incorrect system calendar events visibility
Moderate
CVE-2023-32062
was published
for
oro/calendar-bundle
(Composer)
Nov 27, 2023
Microweber Improper Access Control vulnerability
Moderate
CVE-2023-5976
was published
for
microweber/microweber
(Composer)
Nov 14, 2023
Moodle Improper Access Control vulnerability
Moderate
CVE-2023-5549
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Moodle Improper Access Control vulnerability
Moderate
CVE-2023-5542
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Any value can be changed in the configuration table by an employee having access to block reassurance module
Moderate
CVE-2023-47110
was published
for
prestashop/blockreassurance
(Composer)
Nov 9, 2023
Easy!Appointments Improper Access Control vulnerability
Moderate
CVE-2023-3700
was published
for
alextselegidis/easyappointments
(Composer)
Jul 17, 2023
ProTip!
Advisories are also available from the
GraphQL API