Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
Mautic vulnerable to Improper Access Control in UI upgrade process High
CVE-2022-25768 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
Powermail TYPO3 extension Broken Access Control in the OutputController Moderate
CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
Dolibarr vulnerable to Cross-Site Request Forgery High
CVE-2024-31503 was published for dolibarr/dolibarr (Composer) Apr 17, 2024
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api Moderate
CVE-2024-42354 was published for shopware/core (Composer) Aug 8, 2024
JoshuaBehrens
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-34107 was published for magento/community-edition (Composer) Jun 13, 2024
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass Moderate
CVE-2024-38873 was published for studiomitte/friendlycaptcha (Composer) Jun 21, 2024
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
Exposure of Resource to Wrong Sphere in ThinkPHP Framework High
CVE-2022-25481 was published for topthink/framework (Composer) Mar 22, 2022
Moodle BigBlueButton web service leaks meeting joining information Moderate
CVE-2024-38273 was published for moodle/moodle (Composer) Jun 18, 2024
MediaWiki Incorrect Access Control vulnerability High
CVE-2019-12472 was published for mediawiki/core (Composer) May 24, 2022
Mediawiki tarball is missing .htaccess files Moderate
CVE-2018-13258 was published for mediawiki/core (Composer) May 14, 2022
Wikimedia MediaWik exposed suppressed log in RevisionDelete page Moderate
CVE-2019-12470 was published for mediawiki/core (Composer) May 24, 2022
MediaWiki Incorrect Access Control vulnerability Moderate
CVE-2019-12469 was published for mediawiki/core (Composer) May 24, 2022
Wikimedia MediaWiki Incorrect Access Control vulnerability Critical
CVE-2019-12468 was published for mediawiki/core (Composer) May 24, 2022
MediaWiki Incorrect Access Control vulnerability Moderate
CVE-2019-12467 was published for mediawiki/core (Composer) May 24, 2022
Drupal access control bypass vulnerability High
CVE-2017-6919 was published for drupal/core (Composer) May 13, 2022
Contao Information Disclosure via Access Control Flaws Moderate
CVE-2018-20028 was published for contao/contao (Composer) May 13, 2022
Moodle Ability to delete glossary entries that belong to another glossary Moderate
CVE-2019-10187 was published for moodle/moodle (Composer) May 24, 2022
Moodle Improper Access Control Moderate
CVE-2016-3729 was published for moodle/moodle (Composer) May 13, 2022
moodle Improper Access Control Moderate
CVE-2019-10189 was published for moodle/moodle (Composer) May 24, 2022
moodle Improper Access Control Moderate
CVE-2019-10188 was published for moodle/moodle (Composer) May 24, 2022
Drupal access bypass vulnerability High
CVE-2017-6930 was published for drupal/core (Composer) May 13, 2022
Drupal Form API ignores access restrictions on submit buttons High
CVE-2016-3165 was published for drupal/core (Composer) May 17, 2022
Drupal File upload access bypass and denial of service High
CVE-2016-3162 was published for drupal/core (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API