Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
Kirby has insufficient permission checks in the language settings High
CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
SebastianEberlein-JUNO
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-34106 was published for magento/community-edition (Composer) Jun 13, 2024
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services Low
CVE-2024-39324 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records Moderate
CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) Jul 2, 2024
ssshah2131
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account High
CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
TYPO3 Broken Access Control in Import Module Moderate
GHSA-g776-759r-pf6x was published for typo3/cms-core (Composer) May 30, 2024
Silverstripe SiteTree Creation Permission Vulnerability High
GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024
Drupal editor module incorrectly checks access to inline private files High
CVE-2017-6377 was published for drupal/core (Composer) May 13, 2022
EC-CUBE Improper access control in Management screen Moderate
CVE-2021-20841 was published for ec-cube/ec-cube (Composer) Nov 25, 2021
Incorrect Authorization in Dolibarr High
CVE-2020-12669 was published for dolibarr/dolibarr (Composer) May 24, 2022
Moodle Logged in users could view all calendar events Moderate
CVE-2019-3848 was published for moodle/moodle (Composer) May 13, 2022
Moodle Bypass email verification secret when confirming account registration Moderate
CVE-2021-20282 was published for moodle/moodle (Composer) May 24, 2022
Moodle Incorrect Authorization Moderate
CVE-2021-40692 was published for moodle/moodle (Composer) Sep 30, 2022
Missing permission check in Moodle Moderate
CVE-2021-20283 was published for moodle/moodle (Composer) May 24, 2022
Drupal Core Access bypass vulnerability Critical
CVE-2020-13665 was published for drupal/core (Composer) May 24, 2022
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
Sulu grants access to pages regardless of role permissions Moderate
CVE-2024-27915 was published for sulu/sulu (Composer) Mar 4, 2024
SilverStripe GraphQL Server permission checker not inherited by query subclass. Moderate
CVE-2021-28661 was published for silverstripe/graphql (Composer) Oct 12, 2021
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes Moderate
CVE-2024-22208 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
View permissions are bypassed for paginated lists of ORM data Moderate
CVE-2023-44401 was published for silverstripe/graphql (Composer) Jan 23, 2024
No permission checks for editing/deleting records with CSV import form Moderate
CVE-2023-49783 was published for silverstripe/admin (Composer) Jan 23, 2024
GuySartorelli
Magento Improper Authorization vulnerability in the customers module Moderate
CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
Magento Improper Access Control vulnerability High
CVE-2022-34255 was published for magento/community-edition (Composer) Aug 17, 2022
ProTip! Advisories are also available from the GraphQL API