GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
73 advisories
Filter by severity
Kirby has insufficient permission checks in the language settings
High
CVE-2024-41964
was published
for
getkirby/cms
(Composer)
Aug 29, 2024
Magento Open Source Incorrect Authorization vulnerability
Moderate
CVE-2024-34106
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Silverstripe Reports are still accessible even when `canView()` returns false
Moderate
CVE-2024-29885
was published
for
silverstripe/reports
(Composer)
Jul 17, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Low
CVE-2024-39324
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Moderate
CVE-2024-39322
was published
for
aimeos/ai-admin-jsonadm
(Composer)
Jul 2, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
High
CVE-2024-39323
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
TYPO3 Broken Access Control in Import Module
Moderate
GHSA-g776-759r-pf6x
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Silverstripe SiteTree Creation Permission Vulnerability
High
GHSA-3mm9-2p44-rw39
was published
for
silverstripe/cms
(Composer)
May 22, 2024
Drupal editor module incorrectly checks access to inline private files
High
CVE-2017-6377
was published
for
drupal/core
(Composer)
May 13, 2022
EC-CUBE Improper access control in Management screen
Moderate
CVE-2021-20841
was published
for
ec-cube/ec-cube
(Composer)
Nov 25, 2021
Incorrect Authorization in Dolibarr
High
CVE-2020-12669
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Moodle Logged in users could view all calendar events
Moderate
CVE-2019-3848
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Bypass email verification secret when confirming account registration
Moderate
CVE-2021-20282
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle Incorrect Authorization
Moderate
CVE-2021-40692
was published
for
moodle/moodle
(Composer)
Sep 30, 2022
Missing permission check in Moodle
Moderate
CVE-2021-20283
was published
for
moodle/moodle
(Composer)
May 24, 2022
Drupal Core Access bypass vulnerability
Critical
CVE-2020-13665
was published
for
drupal/core
(Composer)
May 24, 2022
Magento Improper input validation vulnerability
High
CVE-2022-42344
was published
for
magento/community-edition
(Composer)
Oct 20, 2022
Dusk plugin may allow unfettered user authentication in misconfigured installs
High
CVE-2024-32003
was published
for
winter/wn-dusk-plugin
(Composer)
Apr 12, 2024
Sulu grants access to pages regardless of role permissions
Moderate
CVE-2024-27915
was published
for
sulu/sulu
(Composer)
Mar 4, 2024
SilverStripe GraphQL Server permission checker not inherited by query subclass.
Moderate
CVE-2021-28661
was published
for
silverstripe/graphql
(Composer)
Oct 12, 2021
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Moderate
CVE-2024-22208
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
View permissions are bypassed for paginated lists of ORM data
Moderate
CVE-2023-44401
was published
for
silverstripe/graphql
(Composer)
Jan 23, 2024
No permission checks for editing/deleting records with CSV import form
Moderate
CVE-2023-49783
was published
for
silverstripe/admin
(Composer)
Jan 23, 2024
Magento Improper Authorization vulnerability in the customers module
Moderate
CVE-2021-28567
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Improper Access Control vulnerability
High
CVE-2022-34255
was published
for
magento/community-edition
(Composer)
Aug 17, 2022
ProTip!
Advisories are also available from the
GraphQL API