Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

159 advisories

Loading
eZ Platform REST API returns list of all SiteAccesses Moderate
GHSA-9wwx-c723-vm8x was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
endroid/qr-code-bundle File Disclosure via logo_path query parameter Moderate
GHSA-mvf6-3f2g-xfxf was published for endroid/qr-code-bundle (Composer) May 15, 2024
Anonymous PrestaShop customer can download other customers' invoices Moderate
CVE-2024-34717 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer) May 14, 2024
derhansen bnf
bmack
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2024-34080 was published for mantisbt/mantisbt (Composer) May 13, 2024
vboctor dregad
Pimcore Preview Documents are not restricted to logged in users anymore Moderate
CVE-2024-29197 was published for pimcore/pimcore (Composer) Mar 26, 2024
rliebi pryserv
Storefront user can access history and most viewed data from matching back-office user with the same ID Moderate
CVE-2023-48296 was published for oro/customer-portal (Composer) Mar 25, 2024
Pinned entity creation form shows wrong data Moderate
CVE-2023-45824 was published for oro/platform (Composer) Mar 25, 2024
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme Moderate
CVE-2024-25120 was published for typo3/cms-core (Composer) Feb 13, 2024
sushiwushi bnf
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key Moderate
CVE-2024-25119 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords Moderate
CVE-2024-25118 was published for typo3/cms-core (Composer) Feb 13, 2024
lolli42 ohader
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter Moderate
CVE-2023-48714 was published for silverstripe/framework (Composer) Jan 23, 2024
Test code in published microsoft-graph-beta package exposes phpinfo() Moderate
GHSA-7mc6-x925-7qvx was published for microsoft/microsoft-graph-beta (Composer) Dec 5, 2023
Test code in published microsoft-graph-core package exposes phpinfo() Moderate
CVE-2023-49283 was published for microsoft/microsoft-graph-core (Composer) Dec 5, 2023
Test code in published microsoft-graph package exposes phpinfo() Moderate
CVE-2023-49282 was published for microsoft/microsoft-graph (Composer) Dec 5, 2023
LibreNMS has Broken Access control on Graphs Feature Moderate
CVE-2023-48294 was published for librenms/librenms (Composer) Nov 17, 2023
rook1337
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-5545 was published for moodle/moodle (Composer) Nov 9, 2023
MantisBT may disclose project names to unauthorized users Moderate
CVE-2023-44394 was published for mantisbt/mantisbt (Composer) Oct 17, 2023
Pimcore Demo Allows GraphQL Introspection Moderate
CVE-2023-5192 was published for pimcore/demo (Composer) Sep 27, 2023
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
Shopware dependency configuration exposed Moderate
CVE-2023-34098 was published for shopware/shopware (Composer) Jun 28, 2023
Moodle may display roles to users who don't have access to them Moderate
CVE-2023-1402 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle may allow authenticated users to enumerate other user's names via learning plans page Moderate
CVE-2023-28334 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle may allow teachers to access the names of users they could not otherwise access Moderate
CVE-2023-28336 was published for moodle/moodle (Composer) Mar 23, 2023
MantisBT may expose private issues' summaries to unauthorized users Moderate
CVE-2023-22476 was published for mantisbt/mantisbt (Composer) Feb 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database