GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Information disclosure of source code in SimpleSAMLphp
Low
CVE-2020-5301
was published
for
simplesamlphp/simplesamlphp
(Composer)
Apr 22, 2020
Information exposure via query strings in URL
Low
GHSA-cq6h-w3mc-57f4
was published
for
shopware/core
(Composer)
Dec 21, 2020
User (Encrypted) Password Field Being Serialised
Low
GHSA-7fjp-g4m7-fx23
was published
for
pwweb/laravel-core
(Composer)
Apr 13, 2021
User enumeration in authentication mechanisms
Low
GHSA-2frx-j9hj-6c65
was published
for
lexik/jwt-authentication-bundle
(Composer)
May 17, 2021
User enumeration in authentication mechanisms
Low
GHSA-g2qj-pmxm-9f8f
was published
for
symfony/security-http
(Composer)
May 17, 2021
Twig Sandbox Information Disclosure
Low
CVE-2019-9942
was published
for
twig/twig
(Composer)
Mar 26, 2022
Discoverability of user password hash in Statamic CMS
Low
CVE-2022-24784
was published
for
statamic/cms
(Composer)
Mar 29, 2022
Moodle's login_as feature leaks information from external repositories
Low
CVE-2013-1835
was published
for
moodle/moodle
(Composer)
May 13, 2022
Typo3 Backend Configuration XSS Vulnerability
Low
CVE-2012-3529
was published
for
typo3/cms
(Composer)
May 17, 2022
Magento information disclosure vulnerability
Low
CVE-2020-24406
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Information Disclosure vulnerability
Low
CVE-2021-28566
was published
for
magento/community-edition
(Composer)
May 24, 2022
Information Disclosure due to Out-of-scope Site Resolution
Low
CVE-2023-38499
was published
for
typo3/cms-core
(Composer)
Jul 25, 2023
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Low
CVE-2023-5551
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Information Disclosure in typo3/cms-install tool
Low
CVE-2023-47126
was published
for
typo3/cms-install
(Composer)
Nov 14, 2023
Kimai information disclosure vulnerability
Low
CVE-2024-4596
was published
for
kimai/kimai
(Composer)
May 7, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
Low
CVE-2024-50342
was published
for
symfony/http-client
(Composer)
Nov 6, 2024
ProTip!
Advisories are also available from the
GraphQL API