Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-34106 was published for magento/community-edition (Composer) Jun 13, 2024
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records Moderate
CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) Jul 2, 2024
ssshah2131
TYPO3 Broken Access Control in Import Module Moderate
GHSA-g776-759r-pf6x was published for typo3/cms-core (Composer) May 30, 2024
EC-CUBE Improper access control in Management screen Moderate
CVE-2021-20841 was published for ec-cube/ec-cube (Composer) Nov 25, 2021
Moodle Logged in users could view all calendar events Moderate
CVE-2019-3848 was published for moodle/moodle (Composer) May 13, 2022
Moodle Bypass email verification secret when confirming account registration Moderate
CVE-2021-20282 was published for moodle/moodle (Composer) May 24, 2022
Moodle Incorrect Authorization Moderate
CVE-2021-40692 was published for moodle/moodle (Composer) Sep 30, 2022
Missing permission check in Moodle Moderate
CVE-2021-20283 was published for moodle/moodle (Composer) May 24, 2022
Sulu grants access to pages regardless of role permissions Moderate
CVE-2024-27915 was published for sulu/sulu (Composer) Mar 4, 2024
SilverStripe GraphQL Server permission checker not inherited by query subclass. Moderate
CVE-2021-28661 was published for silverstripe/graphql (Composer) Oct 12, 2021
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes Moderate
CVE-2024-22208 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
View permissions are bypassed for paginated lists of ORM data Moderate
CVE-2023-44401 was published for silverstripe/graphql (Composer) Jan 23, 2024
No permission checks for editing/deleting records with CSV import form Moderate
CVE-2023-49783 was published for silverstripe/admin (Composer) Jan 23, 2024
GuySartorelli
Magento Improper Authorization vulnerability in the customers module Moderate
CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
Magento security mitigation bypass vulnerability Moderate
CVE-2020-9692 was published for magento/community-edition (Composer) May 24, 2022
WooCommerce Incorrect Authorization Moderate
CVE-2020-29156 was published for woocommerce/woocommerce (Composer) May 24, 2022
Access bypass in Drupal core Moderate
CVE-2022-25274 was published for drupal/core (Composer) Apr 26, 2023
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller Moderate
CVE-2023-3574 was published for pimcore/customer-management-framework-bundle (Composer) Jul 10, 2023
aqngoc
Incorrect Authorization in Drupal core Moderate
CVE-2020-13676 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Moodle allowed some users without permission to view other users' full names Moderate
CVE-2021-20281 was published for moodle/moodle (Composer) Mar 29, 2021
Improper Authentication in moodle Moderate
CVE-2022-0985 was published for moodle/moodle (Composer) Apr 30, 2022
Privilage Escalation in moodle Moderate
CVE-2020-25701 was published for moodle/moodle (Composer) Mar 29, 2021
Magento 2 Community Edition Incorrect Authorization Moderate
CVE-2020-24401 was published for magento/community-edition (Composer) May 24, 2022
Exposure of Resource to Wrong Sphere in microweber Moderate
CVE-2022-0762 was published for microweber/microweber (Composer) Feb 27, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database