GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
Firewall configured with unanimous strategy was not actually unanimous in Symfony
High
CVE-2020-5275
was published
for
symfony/security
(Composer)
Mar 30, 2020
Improper Authorization in librenms
High
CVE-2022-0587
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Moodle all messaging conversations could be viewed
High
CVE-2019-10154
was published
for
moodle/moodle
(Composer)
May 24, 2022
Magento Insufficient authorization check when adding users to company accounts
Moderate
CVE-2019-7872
was published
for
magento/community-edition
(Composer)
May 24, 2022
Moodle Email media URL tokens were not checking for user status
Moderate
CVE-2019-14883
was published
for
moodle/moodle
(Composer)
May 24, 2022
Magento incorrect permissions vulnerability in the Integrations component
Moderate
CVE-2020-24402
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento incorrect user permissions vulnerability within the Inventory component
Low
CVE-2020-24403
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition vulnerable to Improper Authorization
Low
CVE-2020-24404
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento incorrect permissions vulnerability in the Inventory module
Moderate
CVE-2020-24405
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module
Moderate
CVE-2021-21022
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento improper authorization vulnerability in the integrations module
Moderate
CVE-2021-21026
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Unauthorized access to restricted resources
Moderate
CVE-2021-28563
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Improper Authorization vulnerability in the customers module
Moderate
CVE-2021-28567
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Improper Authorization vulnerability
High
CVE-2022-34256
was published
for
magento/community-edition
(Composer)
Aug 17, 2022
Froxlor Improper Authorization vulnerability
Moderate
CVE-2022-4868
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
Improper Authorization in grumpydictator/firefly-iii
Moderate
CVE-2023-0298
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 14, 2023
Withdrawn: wallabag subject to Improper Authorization
Moderate
GHSA-h45f-rjvw-2rv2
was published
for
wallabag/wallabag
(Composer)
Feb 1, 2023
•
withdrawn
Withdrawn: wallabag subject to Improper Authorization via annotations
Moderate
GHSA-xrw3-wqph-3fxg
was published
for
wallabag/wallabag
(Composer)
Feb 1, 2023
•
withdrawn
Symfony storing cookie headers in HttpCache
Moderate
CVE-2022-24894
was published
for
symfony/http-kernel
(Composer)
Feb 1, 2023
wallabag contains Improper Authorization via export feature
Moderate
CVE-2023-0609
was published
for
wallabag/wallabag
(Composer)
Feb 2, 2023
Pixelfed may allow unauthorized actor to view private posts
Moderate
CVE-2023-0914
was published
for
pixelfed/pixelfed
(Composer)
Feb 19, 2023
Wallabag Improper Authorization vulnerability
Moderate
CVE-2023-0734
was published
for
wallabag/wallabag
(Composer)
Mar 5, 2023
Improper Authorization in nilsteampassnet/teampass
Moderate
CVE-2023-1463
was published
for
nilsteampassnet/teampass
(Composer)
Mar 17, 2023
Moodle may allow students to bypass sequential navigation during a quiz attempt
Moderate
CVE-2022-40208
was published
for
moodle/moodle
(Composer)
Mar 24, 2023
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller
Moderate
CVE-2023-3574
was published
for
pimcore/customer-management-framework-bundle
(Composer)
Jul 10, 2023
ProTip!
Advisories are also available from the
GraphQL API