Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

22 advisories

Loading
Kirby has insufficient permission checks in the language settings High
CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
SebastianEberlein-JUNO
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account High
CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
Silverstripe SiteTree Creation Permission Vulnerability High
GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
Field injection in the KirbyData text storage handler High
CVE-2023-38488 was published for getkirby/cms (Composer) Jul 28, 2023
dapatrese
api-platform/core's secured properties may be accessible within collections High
CVE-2023-25575 was published for api-platform/core (Composer) Feb 28, 2023
Toflar soyuka
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Magento Improper Access Control vulnerability High
CVE-2022-34255 was published for magento/community-edition (Composer) Aug 17, 2022
Magento Improper Authorization vulnerability High
CVE-2022-34256 was published for magento/community-edition (Composer) Aug 17, 2022
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell
Magento authorization bypass vulnerability High
CVE-2020-9587 was published for magento/community-edition (Composer) May 24, 2022
Incorrect Authorization in Dolibarr High
CVE-2020-12669 was published for dolibarr/dolibarr (Composer) May 24, 2022
Drupal editor module incorrectly checks access to inline private files High
CVE-2017-6377 was published for drupal/core (Composer) May 13, 2022
Incorrect Authorization in microweber High
CVE-2022-1631 was published for microweber/microweber (Composer) May 10, 2022
Access Control vulnerability in Dolibarr High
CVE-2021-37517 was published for dolibarr/dolibarr (Composer) Apr 1, 2022
Improper Access Control in librenms High
CVE-2022-0580 was published for librenms/librenms (Composer) Feb 16, 2022
Drupal core access bypass vulnerability High
CVE-2020-13677 was published for drupal/core (Composer) Feb 12, 2022
BuddyPress privilege escalation via REST API High
CVE-2021-21389 was published for buddypress/buddypress (Composer) Oct 6, 2021
Incorrect Authorization in TeamPass High
CVE-2020-12477 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
Improper Input Validation in Laravel High
CVE-2020-24941 was published for laravel/framework (Composer) May 6, 2021
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Local File Inclusion by unauthenticated users High
CVE-2020-15246 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
ProTip! Advisories are also available from the GraphQL API