Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

26 advisories

Loading
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader
RosarioSIS Improper Access Control vulnerability High
CVE-2023-0994 was published for francoisjacquet/rosariosis (Composer) Feb 24, 2023
Moodle Improper Access Control vulnerability High
CVE-2023-23923 was published for moodle/moodle (Composer) Feb 17, 2023
Flarum post mentions can be used to read any post on the forum without access control High
CVE-2023-22487 was published for flarum/mentions (Composer) Jan 10, 2023
clarkwinkelmann
Magento Improper Access Control vulnerability High
CVE-2022-34255 was published for magento/community-edition (Composer) Aug 17, 2022
Moodle incorrect access control High
CVE-2020-25629 was published for moodle/moodle (Composer) May 24, 2022
MediaWiki Incorrect Access Control vulnerability High
CVE-2019-12472 was published for mediawiki/core (Composer) May 24, 2022
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism High
CVE-2010-3714 was published for typo3/cms (Composer) May 17, 2022
Drupal Access Control Bypass High
CVE-2011-2687 was published for drupal/core (Composer) May 17, 2022
Drupal Form API ignores access restrictions on submit buttons High
CVE-2016-3165 was published for drupal/core (Composer) May 17, 2022
Drupal File upload access bypass and denial of service High
CVE-2016-3162 was published for drupal/core (Composer) May 17, 2022
Drupal Node Validation Bypass in the node module API High
CVE-2008-4793 was published for drupal/drupal (Composer) May 17, 2022
Drupal access control bypass vulnerability High
CVE-2017-6919 was published for drupal/core (Composer) May 13, 2022
Drupal access bypass vulnerability High
CVE-2017-6930 was published for drupal/core (Composer) May 13, 2022
Incorrect Authorization in microweber High
CVE-2022-1631 was published for microweber/microweber (Composer) May 10, 2022
Exposure of Resource to Wrong Sphere in ThinkPHP Framework High
CVE-2022-25481 was published for topthink/framework (Composer) Mar 22, 2022
Improper Access Control in librenms High
CVE-2022-0580 was published for librenms/librenms (Composer) Feb 16, 2022
Drupal core access bypass vulnerability High
CVE-2020-13677 was published for drupal/core (Composer) Feb 12, 2022
User can obtain JWT token even if account is disabled High
GHSA-36mj-6r7r-mqhf was published for ezsystems/ezplatform-rest (Composer) Sep 29, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Improper Access Control in moodle High
CVE-2020-25698 was published for moodle/moodle (Composer) Mar 29, 2021
MarkLee131
ProTip! Advisories are also available from the GraphQL API