Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

234 advisories

Loading
Codiad information disclosure vulnerability High
CVE-2017-20178 was published for codiad/codiad (Composer) Feb 21, 2023
Pixelfed allows user enumeration via reset password functionality Moderate
CVE-2023-0901 was published for pixelfed/pixelfed (Composer) Feb 18, 2023
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration Moderate
CVE-2022-23504 was published for typo3/cms (Composer) Dec 13, 2022
ohader darth-hader
PrestaShop has potential Information exposure in the upload directory Moderate
CVE-2022-46158 was published for prestashop/prestashop (Composer) Dec 8, 2022
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
ezplatform-graphql GraphQL queries can expose password hashes High
CVE-2022-41876 was published for ezsystems/ezplatform-graphql (Composer) Nov 10, 2022
tranca
Moodle Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-40695 was published for moodle/moodle (Composer) Sep 30, 2022
Shopware contains sensitive data in backend customer module Moderate
CVE-2022-36101 was published for shopware/shopware (Composer) Sep 16, 2022
Unauthenticated Sensitive Information Disclosure vulnerability Moderate
CVE-2022-34867 was published for libreform/libreform (Composer) Sep 7, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Change in port should be considered a change in origin High
CVE-2022-31091 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin High
CVE-2022-31090 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
Information Disclosure via Export Module Moderate
CVE-2022-31046 was published for typo3/cms (Composer) Jun 17, 2022
linawolf derhansen
Failure to strip the Cookie header on change in host or HTTP downgrade High
CVE-2022-31042 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell am0o0
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell
Cross-domain cookie leakage in Guzzle High
CVE-2022-29248 was published for guzzlehttp/guzzle (Composer) May 25, 2022
Magento Information Disclosure vulnerability Low
CVE-2021-28566 was published for magento/community-edition (Composer) May 24, 2022
Magento information disclosure vulnerability Low
CVE-2020-24406 was published for magento/community-edition (Composer) May 24, 2022
Microweber Discloses Sensitive Information High
CVE-2020-13405 was published for microweber/microweber (Composer) May 24, 2022
Silverstripe CMS information disclosure High
CVE-2020-6164 was published for silverstripe/cms (Composer) May 24, 2022
Magento defense-in-depth security mitigation vulnerability High
CVE-2020-9591 was published for magento/community-edition (Composer) May 24, 2022
img_auth.php may leak private extension images into the public cache Moderate
CVE-2020-15005 was published for mediawiki/core (Composer) May 24, 2022
Rudloff
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Gravity Forms plugin leak hashed passwords High
CVE-2020-13764 was published for wp-premium/gravityforms (Composer) May 24, 2022
Centreon Sensitive Data Exposure vulnerability Moderate
CVE-2020-10945 was published for centreon/centreon (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database