GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
225 advisories
Data Leakage Vulnerability in livewire/livewire
Moderate: GHSA-qwvp-268g-jjm8 was published for livewire/livewire (Composer) on May 15, 2024

Read private customer data reclaiming carts in Klaviyo Magento
Moderate: GHSA-hvgw-gg3p-295j was published for klaviyo/magento2-extension (Composer) on May 15, 2024

eZ Platform User data disclosure
High: GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) on May 15, 2024

eZ Publish Information disclosure in backend content tree menu
High: GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) on May 15, 2024

eZ Platform REST API returns list of all SiteAccesses
Moderate: GHSA-9wwx-c723-vm8x was published for ezsystems/ezpublish-kernel (Composer) on May 15, 2024

endroid/qr-code-bundle File Disclosure via logo_path query parameter
Moderate: GHSA-mvf6-3f2g-xfxf was published for endroid/qr-code-bundle (Composer) on May 15, 2024

Anonymous PrestaShop customer can download other customers' invoices
Moderate: CVE-2024-34717 was published for prestashop/prestashop (Composer) on May 14, 2024

TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Moderate: CVE-2024-34358 was published for typo3/cms-core (Composer) on May 14, 2024

MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate: CVE-2024-34080 was published for mantisbt/mantisbt (Composer) on May 13, 2024

Kimai information disclosure vulnerability
Low: CVE-2024-4596 was published for kimai/kimai (Composer) on May 7, 2024

Contao: Possible cookie sharing with external domains while checking protected pages for broken links
High: CVE-2024-28235 was published for contao/core-bundle (Composer) on Apr 9, 2024

Pimcore Preview Documents are not restricted to logged in users anymore
Moderate: CVE-2024-29197 was published for pimcore/pimcore (Composer) on Mar 26, 2024

Storefront user can access history and most viewed data from matching back-office user with the same ID
Moderate: CVE-2023-48296 was published for oro/customer-portal (Composer) on Mar 25, 2024

Pinned entity creation form shows wrong data
Moderate: CVE-2023-45824 was published for oro/platform (Composer) on Mar 25, 2024

TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High: CVE-2024-25121 was published for typo3/cms-core (Composer) on Feb 13, 2024

TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Moderate: CVE-2024-25120 was published for typo3/cms-core (Composer) on Feb 13, 2024

TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Moderate: CVE-2024-25119 was published for typo3/cms-core (Composer) on Feb 13, 2024

TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Moderate: CVE-2024-25118 was published for typo3/cms-core (Composer) on Feb 13, 2024

Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Moderate: CVE-2023-48714 was published for silverstripe/framework (Composer) on Jan 23, 2024

Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
High: CVE-2023-48122 was published for microweber/microweber (Composer) on Dec 8, 2023

Test code in published microsoft-graph-beta package exposes phpinfo()
Moderate: GHSA-7mc6-x925-7qvx was published for microsoft/microsoft-graph-beta (Composer) on Dec 5, 2023

Test code in published microsoft-graph-core package exposes phpinfo()
Moderate: CVE-2023-49283 was published for microsoft/microsoft-graph-core (Composer) on Dec 5, 2023

Test code in published microsoft-graph package exposes phpinfo()
Moderate: CVE-2023-49282 was published for microsoft/microsoft-graph (Composer) on Dec 5, 2023

LibreNMS has Broken Access control on Graphs Feature
Moderate: CVE-2023-48294 was published for librenms/librenms (Composer) on Nov 17, 2023

Information Disclosure in typo3/cms-install tool
Low: CVE-2023-47126 was published for typo3/cms-install (Composer) on Nov 14, 2023

ProTip! Advisories are also available from the GraphQL API