GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
Lack of access control on upoaded files
Moderate
CVE-2019-12245
was published
for
silverstripe/assets
(Composer)
Nov 12, 2019
Mautic vulnerable to secret data exfiltration via symfony parameters
Moderate
CVE-2021-27908
was published
for
mautic/core
(Composer)
Apr 6, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
High
CVE-2021-38557
was published
for
billz/raspap-webgui
(Composer)
Sep 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Moderate
CVE-2022-0277
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Improper Access Control in Shopware
High
CVE-2022-24872
was published
for
shopware/core
(Composer)
Apr 22, 2022
Incorrect Permission Assignment for Critical Resource in ShopXO
Critical
CVE-2022-28056
was published
for
shopxo/shopxo
(Composer)
May 3, 2022
Bolt Improper Access Control
Moderate
CVE-2017-16754
was published
for
bolt/bolt
(Composer)
May 13, 2022
Statamic framework Incorrect Permission Assignment
High
CVE-2017-11422
was published
for
statamic/cms
(Composer)
May 13, 2022
Drupal access bypass vulnerability
Moderate
CVE-2017-6928
was published
for
drupal/core
(Composer)
May 13, 2022
Jerome Gamez Firebase Admin SDK for PHP Incorrect Access Control vulnerability
High
CVE-2018-1000025
was published
for
kreait/firebase-php
(Composer)
May 13, 2022
LightSAML Incorrect Access Control vulnerability
High
CVE-2018-1000165
was published
for
lightsaml/lightsaml
(Composer)
May 13, 2022
MODX Revolution Incorrect Access Control vulnerability
High
CVE-2018-1000207
was published
for
modx/revolution
(Composer)
May 13, 2022
Froxlor Incorrect Access Control
High
CVE-2018-12642
was published
for
froxlor/froxlor
(Composer)
May 13, 2022
Moodle command execution vulnerability exists in the default legacy spellchecker plugin
Critical
CVE-2021-21809
was published
for
moodle/moodle
(Composer)
May 24, 2022
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Low
CVE-2022-39284
was published
for
codeigniter4/framework
(Composer)
Oct 6, 2022
SilverStripe Subsite weakens file permissions
Moderate
CVE-2022-42949
was published
for
silverstripe/subsites
(Composer)
Dec 19, 2022
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Moderate
CVE-2023-48714
was published
for
silverstripe/framework
(Composer)
Jan 23, 2024
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
High
GHSA-34qg-65m4-f23m
was published
for
froxlor/froxlor
(Composer)
Aug 23, 2024
ProTip!
Advisories are also available from the
GraphQL API