Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
Improper Access Control in librenms High
CVE-2022-0580 was published for librenms/librenms (Composer) Feb 16, 2022
Incorrect authorization in Drupal core Moderate
CVE-2022-25270 was published for drupal/core (Composer) Feb 18, 2022
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2022-0731 was published for dolibarr/dolibarr (Composer) Feb 24, 2022
Exposure of Resource to Wrong Sphere in microweber Moderate
CVE-2022-0762 was published for microweber/microweber (Composer) Feb 27, 2022
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments Critical
CVE-2022-0482 was published for alextselegidis/easyappointments (Composer) Mar 10, 2022
Incorrect Authentication in shopware Moderate
CVE-2022-24748 was published for shopware/core (Composer) Mar 10, 2022
Access Control vulnerability in Dolibarr High
CVE-2021-37517 was published for dolibarr/dolibarr (Composer) Apr 1, 2022
Missing authorization in Moodle Moderate
CVE-2022-0984 was published for moodle/moodle (Composer) Apr 30, 2022
Improper Authentication in moodle Moderate
CVE-2022-0985 was published for moodle/moodle (Composer) Apr 30, 2022
Incorrect Authorization in microweber High
CVE-2022-1631 was published for microweber/microweber (Composer) May 10, 2022
Moodle Logged in users could view all calendar events Moderate
CVE-2019-3848 was published for moodle/moodle (Composer) May 13, 2022
Drupal editor module incorrectly checks access to inline private files High
CVE-2017-6377 was published for drupal/core (Composer) May 13, 2022
Incorrect Authorization in Dolibarr High
CVE-2020-12669 was published for dolibarr/dolibarr (Composer) May 24, 2022
Magento authorization bypass vulnerability High
CVE-2020-9587 was published for magento/community-edition (Composer) May 24, 2022
Magento security mitigation bypass vulnerability Moderate
CVE-2020-9692 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Incorrect Authorization Moderate
CVE-2020-24401 was published for magento/community-edition (Composer) May 24, 2022
WooCommerce Incorrect Authorization Moderate
CVE-2020-29156 was published for woocommerce/woocommerce (Composer) May 24, 2022
Missing permission check in Moodle Moderate
CVE-2021-20283 was published for moodle/moodle (Composer) May 24, 2022
Moodle Bypass email verification secret when confirming account registration Moderate
CVE-2021-20282 was published for moodle/moodle (Composer) May 24, 2022
Drupal Core Access bypass vulnerability Critical
CVE-2020-13665 was published for drupal/core (Composer) May 24, 2022
Magento Improper Authorization vulnerability in the customers module Moderate
CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell
Incorrect Authorization in thinkcmf Moderate
CVE-2021-40616 was published for thinkcmf/thinkcmf (Composer) Jun 15, 2022
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
Magento Improper Access Control vulnerability High
CVE-2022-34255 was published for magento/community-edition (Composer) Aug 17, 2022
ProTip! Advisories are also available from the GraphQL API