Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability Moderate
CVE-2024-38874 was published for jweiland/events2 (Composer) Jun 21, 2024
iepn
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation Moderate
GHSA-g4hp-pfvf-vm5w was published for silverstripe/framework (Composer) May 23, 2024
Reportico affected by Incorrect Access Control Moderate
CVE-2023-48865 was published for reportico-web/reportico (Composer) Apr 12, 2024
Authorization Bypass in moodle Low
CVE-2024-25983 was published for moodle/moodle (Composer) Feb 19, 2024
Moodle Cross-site Scripting vulnerability Moderate
CVE-2023-5544 was published for moodle/moodle (Composer) Nov 9, 2023
Economizzer Insecure Direct Object Reference vulnerability Low
CVE-2023-38872 was published for gugoan/economizzer (Composer) Sep 28, 2023
Easy!Appointments Improper Access Control vulnerability Moderate
CVE-2023-3700 was published for alextselegidis/easyappointments (Composer) Jul 17, 2023
Moodle may allow authenticated users to enumerate other user's names via learning plans page Moderate
CVE-2023-28334 was published for moodle/moodle (Composer) Mar 23, 2023
Improper Authorization in nilsteampassnet/teampass Moderate
CVE-2023-1463 was published for nilsteampassnet/teampass (Composer) Mar 17, 2023
Moodle has Incorrect Default Permissions Moderate
CVE-2021-36400 was published for moodle/moodle (Composer) Mar 7, 2023
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Known v1.3.1 contains Insecure Direct Object Reference Moderate
CVE-2022-30852 was published for idno/known (Composer) Jul 9, 2022
JetPack Exposure of Resource to Wrong Sphere Moderate
CVE-2021-24374 was published for automattic/jetpack (Composer) May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module Moderate
CVE-2021-21022 was published for magento/community-edition (Composer) May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Magento 2 Community Edition Access Control Bypass High
CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7890 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7854 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability Moderate
CVE-2019-7864 was published for magento/community-edition (Composer) May 24, 2022
EC-CUBE vulnerable to authorization bypass Moderate
CVE-2014-0808 was published for ec-cube/ec-cube (Composer) May 17, 2022
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users Moderate
CVE-2018-16704 was published for gleez/cms (Composer) May 13, 2022
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2022-0731 was published for dolibarr/dolibarr (Composer) Feb 24, 2022
Authorization Bypass Through User-Controlled Key in LiveHelperChat Moderate
CVE-2022-0266 was published for remdex/livehelperchat (Composer) Jan 21, 2022
elgg is vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2021-3964 was published for elgg/elgg (Composer) Dec 3, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
ProTip! Advisories are also available from the GraphQL API