GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Improper Privilege Management in Concrete CMS
High
CVE-2021-22966
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Privilege escalation in easyappointments
High
CVE-2022-1397
was published
for
alextselegidis/easyappointments
(Composer)
May 11, 2022
Privilege escalation in the Sulu Admin panel
High
CVE-2021-43835
was published
for
sulu/sulu
(Composer)
Dec 15, 2021
AVideo vulnerable to Improper Privilege Management
High
CVE-2020-23489
was published
for
wwbn/avideo
(Composer)
May 24, 2022
Company admin role gives excessive privileges in eZ Platform Ibexa
High
CVE-2022-48365
was published
for
ezsystems/ezplatform-kernel
(Composer)
Mar 12, 2023
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
High
CVE-2023-1762
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Improper Privilege Management in Snipe-IT
High
CVE-2022-0611
was published
for
snipe/snipe-it
(Composer)
Feb 17, 2022
Privilage Escalation in moodle
High
CVE-2020-25699
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Improper Privilege Management in microweber
High
CVE-2023-2240
was published
for
microweber/microweber
(Composer)
Apr 22, 2023
Moodle Users could elevate their role when accessing the LTI tool on a provider site
High
CVE-2019-3849
was published
for
moodle/moodle
(Composer)
May 13, 2022
UVDesk Community Helpdesk Improper Privilege Management
High
CVE-2024-3137
was published
for
uvdesk/core-framework
(Composer)
Apr 2, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs
High
CVE-2024-32003
was published
for
winter/wn-dusk-plugin
(Composer)
Apr 12, 2024
Privilege escalation via form generator
High
CVE-2021-37627
was published
for
contao/contao
(Composer)
Aug 23, 2021
Drupal saving user accounts can sometimes grant the user all roles
High
CVE-2016-3169
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal REST API can bypass comment approval
High
CVE-2017-6924
was published
for
drupal/core
(Composer)
May 13, 2022
CodeIgniter Improper Privilege Management
High
CVE-2020-10793
was published
for
codeigniter4/framework
(Composer)
May 24, 2022
TeamPass Improper Privilege Management
High
CVE-2017-15055
was published
for
nilsteampassnet/teampass
(Composer)
May 13, 2022
EC-CUBE Improper access control vulnerability
High
CVE-2021-20778
was published
for
ec-cube/ec-cube
(Composer)
May 24, 2022
Drupal Saving user accounts can sometimes grant the user all roles
High
CVE-2016-6211
was published
for
drupal/core
(Composer)
May 17, 2022
Grav Vulnerable to Arbitrary File Read to Account Takeover
High
CVE-2024-34082
was published
for
getgrav/grav
(Composer)
May 15, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
High
GHSA-4r76-xr68-w7m7
was published
for
typo3/cms
(Composer)
May 30, 2024
ProTip!
Advisories are also available from the
GraphQL API