Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
Local file disclosure in PHPMailer Moderate
CVE-2017-5223 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Potentially sensitive data exposure in Symfony Web Socket Bundle Moderate
GHSA-wwgf-3xp7-cxj4 was published for gos/web-socket-bundle (Composer) Jul 7, 2020
phproberto
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32712 was published for shopware/shopware (Composer) Sep 8, 2021
Shopware contains sensitive data in backend customer module Moderate
CVE-2022-36101 was published for shopware/shopware (Composer) Sep 16, 2022
Information Disclosure via Export Module Moderate
CVE-2022-31046 was published for typo3/cms (Composer) Jun 17, 2022
linawolf derhansen
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32716 was published for shopware/platform (Composer) Sep 8, 2021
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration Moderate
CVE-2022-23504 was published for typo3/cms (Composer) Dec 13, 2022
ohader
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS Moderate
CVE-2019-10667 was published for librenms/librenms (Composer) Oct 11, 2019
User enumeration leak using switch user functionality in Symfony Moderate
CVE-2019-18886 was published for symfony/security-http (Composer) Dec 2, 2019
List of order ids, number, items total and token value exposed for unauthorized uses via new API Moderate
CVE-2021-32720 was published for sylius/sylius (Composer) Jun 29, 2021
nickvanderzwet
Password exposure in concrete5/core Moderate
CVE-2021-22951 was published for concrete5/core (Composer) Nov 23, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Moodle Moderate
CVE-2020-25703 was published for moodle/moodle (Composer) Oct 21, 2021
Exposed phpinfo() leadked via documentation files Moderate
CVE-2021-37704 was published for phpfastcache/phpfastcache (Composer) Aug 30, 2021
Geolim4
Exposure of sensitive information in concrete5/core Moderate
CVE-2021-22967 was published for concrete5/core (Composer) Nov 23, 2021
Pixelfed allows user enumeration via reset password functionality Moderate
CVE-2023-0901 was published for pixelfed/pixelfed (Composer) Feb 18, 2023
HTTP caching is marking private HTTP headers as public in Shopware Moderate
CVE-2022-24747 was published for shopware/core (Composer) Mar 10, 2022
UlrichThomasGabor
Sensitive Information Exposure in Sylius Moderate
CVE-2022-24742 was published for sylius/sylius (Composer) Mar 14, 2022
Sensitive Data Exposure in elFinder Moderate
CVE-2019-5884 was published for studio-42/elfinder (Composer) May 13, 2022
PrestaShop has potential Information exposure in the upload directory Moderate
CVE-2022-46158 was published for prestashop/prestashop (Composer) Dec 8, 2022
Centreon Sensitive Data Exposure vulnerability Moderate
CVE-2020-10945 was published for centreon/centreon (Composer) May 24, 2022
Exposure of Sensitive Information in snipe/snipe-it Moderate
CVE-2022-0569 was published for snipe/snipe-it (Composer) Feb 15, 2022
Exposure of Sensitive Information to an Unauthorized Actor in librenms Moderate
CVE-2022-0588 was published for librenms/librenms (Composer) Feb 16, 2022
Flarum Core Leaks PII Moderate
CVE-2018-19133 was published for flarum/framework (Composer) May 14, 2022
Silverstripe CMS User Enumeration Moderate
CVE-2017-12849 was published for silverstripe/cms (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API