Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

96 advisories

Loading
Private data exposure via REST API in BuddyPress High
CVE-2020-5244 was published for buddypress/buddypress (Composer) Feb 24, 2020
User can obtain JWT token even if account is disabled High
GHSA-36mj-6r7r-mqhf was published for ezsystems/ezplatform-rest (Composer) Sep 29, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Flarum post mentions can be used to read any post on the forum without access control High
CVE-2023-22487 was published for flarum/mentions (Composer) Jan 10, 2023
clarkwinkelmann
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
BookStack is vulnerable to Improper Access Control. Moderate
CVE-2021-4119 was published for ssddanbrown/bookstack (Composer) Dec 16, 2021
easyii CMS's File Upload Management vulnerable to unrestricted upload Critical
CVE-2022-3771 was published for noumo/easyii (Composer) Oct 31, 2022
Improper Access Control in wp-graphql Moderate
CVE-2019-25060 was published for wp-graphql/wp-graphql (Composer) May 10, 2022
Incorrect Authorization in microweber High
CVE-2022-1631 was published for microweber/microweber (Composer) May 10, 2022
Incorrect Access Control vulnerability in api-platform/core Moderate
CVE-2019-1000011 was published for api-platform/core (Composer) Oct 14, 2019
Improper Access Control in Dolibarr Moderate
CVE-2021-25954 was published for dolibarr/dolibarr (Composer) Aug 11, 2021
Missing Authorization in Crater Invoice Moderate
CVE-2022-0203 was published for bytefury/crater (Composer) Jan 27, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
Moodle Improper Access Control vulnerability High
CVE-2023-23923 was published for moodle/moodle (Composer) Feb 17, 2023
RosarioSIS Improper Access Control vulnerability High
CVE-2023-0994 was published for francoisjacquet/rosariosis (Composer) Feb 24, 2023
thorsten/phpmyfaq vulnerable to improper access control Moderate
CVE-2023-1883 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
alextselegidis/easyappointments Improper Access Control vulnerability Moderate
CVE-2023-2104 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
Improper Access Control in snipe-it Moderate
CVE-2022-0178 was published for snipe/snipe-it (Composer) Jan 26, 2022
Improper Access Control in librenms High
CVE-2022-0580 was published for librenms/librenms (Composer) Feb 16, 2022
Incorrect Access Control in Ignition Critical
CVE-2021-43996 was published for facade/ignition (Composer) Nov 19, 2021
Moodle incorrect access control High
CVE-2020-25629 was published for moodle/moodle (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API