Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

159 advisories

Loading
Moodle IDOR when accessing list of badge recipients Moderate
CVE-2024-48900 was published for moodle/moodle (Composer) Nov 13, 2024
Magento Open Source Information Exposure vulnerability Moderate
CVE-2024-45134 was published for magento/community-edition (Composer) Oct 10, 2024
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz dregad
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
Pimcore vulnerable to disclosure of system and database information behind /admin firewall Moderate
CVE-2024-41109 was published for pimcore/admin-ui-classic-bundle (Composer) Jul 30, 2024
mysliwietzflorian
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
Zend-developer-tools information disclosure vulnerability Moderate
GHSA-qg7m-mwxm-j3h7 was published for zendframework/zend-developer-tools (Composer) Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability Moderate
GHSA-2fhr-8r8r-qp56 was published for zendframework/zendframework (Composer) Jun 7, 2024
TYPO3 Information Disclosure in Install Tool Moderate
GHSA-6487-3qvg-8px9 was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Information Disclosure of Installed Extensions Moderate
GHSA-f624-8hfq-5fh3 was published for typo3/cms (Composer) Jun 7, 2024
Typo3 Arbitrary File Disclosure in Form Component Moderate
GHSA-wrpf-2x8h-82gr was published for typo3/cms (Composer) Jun 4, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments Moderate
CVE-2024-34004 was published for moodle/moodle (Composer) May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments Moderate
CVE-2024-34003 was published for moodle/moodle (Composer) May 31, 2024
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure Moderate
GHSA-pqfv-97hj-g97g was published for typo3/cms (Composer) May 30, 2024
TYPO3 Information Disclosure Vulnerability Exploitable by Editors Moderate
GHSA-r287-hc8j-w56h was published for typo3/cms (Composer) May 30, 2024
TYPO3 Disclosure of Information about Installed Extensions Moderate
GHSA-p2h4-7fp3-cmh8 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Information Disclosure in Page Tree Moderate
GHSA-wvvp-jwf5-qcpc was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Information Disclosure in Install Tool Moderate
GHSA-66c2-7g4p-wx4p was published for typo3/cms-core (Composer) May 30, 2024
silverstripe/userforms file upload exposure on UserForms module Moderate
GHSA-55pp-293f-3365 was published for silverstripe/userforms (Composer) May 28, 2024
silverstripe/framework vulnerable to member disclosure in login form Moderate
GHSA-crr3-h4m8-7f56 was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms Moderate
GHSA-r3pr-fh25-wrfc was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded Moderate
GHSA-55qg-6c4m-mw6g was published for silverstripe/framework (Composer) May 27, 2024
silverstripe/framework member disclosure in login form Moderate
GHSA-g84q-cq55-xwgp was published for silverstripe/framework (Composer) May 27, 2024
Data Leakage Vulnerability in livewire/livewire Moderate
GHSA-qwvp-268g-jjm8 was published for livewire/livewire (Composer) May 15, 2024
Read private customer data reclaiming carts in Klaviyo Magento Moderate
GHSA-hvgw-gg3p-295j was published for klaviyo/magento2-extension (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API