GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate
CVE-2019-16403
was published
for
bagisto/bagisto
(Composer)
Nov 8, 2019
Users can edit the tags of any discussion
Moderate
GHSA-32wx-4gxx-h48f
was published
for
flarum/tags
(Composer)
Jan 29, 2021
Insecure direct object reference of log files of the Import/Export feature
Moderate
CVE-2021-37709
was published
for
shopware/core
(Composer)
Aug 30, 2021
Exposure of sensitive information in concrete5/core
Moderate
CVE-2021-22967
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Password exposure in concrete5/core
Moderate
CVE-2021-22951
was published
for
concrete5/core
(Composer)
Nov 23, 2021
kimai2 is vulnerable to Improper Access Control
Moderate
CVE-2021-3992
was published
for
kevinpapst/kimai2
(Composer)
Dec 3, 2021
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Moderate
CVE-2021-3964
was published
for
elgg/elgg
(Composer)
Dec 3, 2021
Authorization Bypass Through User-Controlled Key in LiveHelperChat
Moderate
CVE-2022-0266
was published
for
remdex/livehelperchat
(Composer)
Jan 21, 2022
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2022-0731
was published
for
dolibarr/dolibarr
(Composer)
Feb 24, 2022
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
Moderate
CVE-2018-16704
was published
for
gleez/cms
(Composer)
May 13, 2022
EC-CUBE vulnerable to authorization bypass
Moderate
CVE-2014-0808
was published
for
ec-cube/ec-cube
(Composer)
May 17, 2022
Magento 2 Community Edition IDOR Vulnerability
Moderate
CVE-2019-7864
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module
Moderate
CVE-2021-21022
was published
for
magento/community-edition
(Composer)
May 24, 2022
JetPack Exposure of Resource to Wrong Sphere
Moderate
CVE-2021-24374
was published
for
automattic/jetpack
(Composer)
May 24, 2022
Known v1.3.1 contains Insecure Direct Object Reference
Moderate
CVE-2022-30852
was published
for
idno/known
(Composer)
Jul 9, 2022
Moodle has Incorrect Default Permissions
Moderate
CVE-2021-36400
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Improper Authorization in nilsteampassnet/teampass
Moderate
CVE-2023-1463
was published
for
nilsteampassnet/teampass
(Composer)
Mar 17, 2023
Moodle may allow authenticated users to enumerate other user's names via learning plans page
Moderate
CVE-2023-28334
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Easy!Appointments Improper Access Control vulnerability
Moderate
CVE-2023-3700
was published
for
alextselegidis/easyappointments
(Composer)
Jul 17, 2023
Moodle Cross-site Scripting vulnerability
Moderate
CVE-2023-5544
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Reportico affected by Incorrect Access Control
Moderate
CVE-2023-48865
was published
for
reportico-web/reportico
(Composer)
Apr 12, 2024
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Moderate
GHSA-g4hp-pfvf-vm5w
was published
for
silverstripe/framework
(Composer)
May 23, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate
CVE-2024-38874
was published
for
jweiland/events2
(Composer)
Jun 21, 2024
"powermail" (powermail) Insecure Direct Object Reference (IDOR)
Moderate
CVE-2024-45232
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
powermail TYPO3 extension has Insecure Direct Object Reference
Moderate
CVE-2024-47047
was published
for
in2code/powermail
(Composer)
Sep 17, 2024
ProTip!
Advisories are also available from the
GraphQL API