GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Moodle Lesson activity password bypass through PHP loose comparison
Moderate
CVE-2024-45691
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access
Moderate
CVE-2024-45689
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2021-3991
was published
for
dolibarr/dolibarr
(Composer)
Nov 15, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45131
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45128
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController
Moderate
CVE-2024-45233
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-39412
was published
for
magento/community-edition
(Composer)
Aug 14, 2024
TYPO3 Broken Access Control in Localization Handling
Moderate
GHSA-772m-43f3-hmf8
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Information Disclosure in TYPO3 Backend
Moderate
GHSA-vpr3-rc99-2wpr
was published
for
typo3/cms
(Composer)
Jun 5, 2024
FOSUserBundle User Identity Validation Vulnerability
Moderate
GHSA-8wx3-8m4x-g5h4
was published
for
friendsofsymfony/user-bundle
(Composer)
May 15, 2024
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Moderate
CVE-2023-47109
was published
for
prestashop/blockreassurance
(Composer)
Nov 8, 2023
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller
Moderate
CVE-2023-3574
was published
for
pimcore/customer-management-framework-bundle
(Composer)
Jul 10, 2023
Moodle may allow students to bypass sequential navigation during a quiz attempt
Moderate
CVE-2022-40208
was published
for
moodle/moodle
(Composer)
Mar 24, 2023
Improper Authorization in nilsteampassnet/teampass
Moderate
CVE-2023-1463
was published
for
nilsteampassnet/teampass
(Composer)
Mar 17, 2023
Wallabag Improper Authorization vulnerability
Moderate
CVE-2023-0734
was published
for
wallabag/wallabag
(Composer)
Mar 5, 2023
Pixelfed may allow unauthorized actor to view private posts
Moderate
CVE-2023-0914
was published
for
pixelfed/pixelfed
(Composer)
Feb 19, 2023
wallabag contains Improper Authorization via export feature
Moderate
CVE-2023-0609
was published
for
wallabag/wallabag
(Composer)
Feb 2, 2023
Symfony storing cookie headers in HttpCache
Moderate
CVE-2022-24894
was published
for
symfony/http-kernel
(Composer)
Feb 1, 2023
Withdrawn: wallabag subject to Improper Authorization
Moderate
GHSA-h45f-rjvw-2rv2
was published
for
wallabag/wallabag
(Composer)
Feb 1, 2023
•
withdrawn
Withdrawn: wallabag subject to Improper Authorization via annotations
Moderate
GHSA-xrw3-wqph-3fxg
was published
for
wallabag/wallabag
(Composer)
Feb 1, 2023
•
withdrawn
Improper Authorization in grumpydictator/firefly-iii
Moderate
CVE-2023-0298
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 14, 2023
Froxlor Improper Authorization vulnerability
Moderate
CVE-2022-4868
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
Magento Improper Authorization vulnerability in the customers module
Moderate
CVE-2021-28567
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API