Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
Improper authentication in Symfony High
CVE-2019-10911 was published for symfony/security (Composer) Feb 12, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID High
CVE-2018-10189 was published for mautic/core (Composer) Jan 19, 2021
micschk
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
Unrestricted access to predictable file paths in hov/jobfair High
CVE-2021-43564 was published for hov/jobfair (Composer) Nov 15, 2021
Exposure of Sensitive Information to an Unauthorized Actor in microweber High
CVE-2022-0281 was published for microweber/microweber (Composer) Jan 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin High
CVE-2022-0813 was published for phpmyadmin/phpmyadmin (Composer) Mar 11, 2022
Moodle uses predictable password-recovery tokens High
CVE-2015-5267 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
October CMS Local File Inclusion High
CVE-2018-1999009 was published for october/october (Composer) May 13, 2022
LFI in PHP-Proxy 5.1.0 High
CVE-2018-19246 was published for athlon1600/php-proxy (Composer) May 14, 2022
Drupal Comment reply form allows access to restricted content High
CVE-2017-6926 was published for drupal/core (Composer) May 14, 2022
Dolibarr sensitive information disclosure High
CVE-2017-17898 was published for dolibarr/dolibarr (Composer) May 14, 2022
Zend Framework Information Disclosure High
CVE-2015-7503 was published for zendframework/zend-crypt (Composer) May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure High
CVE-2017-14240 was published for dolibarr/dolibarr (Composer) May 17, 2022
Wikimedia information leak vulnerability High
CVE-2019-12474 was published for mediawiki/core (Composer) May 24, 2022
Magento 2 Community Edition Information Leak High
CVE-2019-7951 was published for magento/community-edition (Composer) May 24, 2022
Gravity Forms plugin leak hashed passwords High
CVE-2020-13764 was published for wp-premium/gravityforms (Composer) May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Magento defense-in-depth security mitigation vulnerability High
CVE-2020-9591 was published for magento/community-edition (Composer) May 24, 2022
Silverstripe CMS information disclosure High
CVE-2020-6164 was published for silverstripe/cms (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API