Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

70 advisories

Loading
Powermail TYPO3 extension Broken Access Control in the OutputController Moderate
CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api Moderate
CVE-2024-42354 was published for shopware/core (Composer) Aug 8, 2024
JoshuaBehrens
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass Moderate
CVE-2024-38873 was published for studiomitte/friendlycaptcha (Composer) Jun 21, 2024
Moodle BigBlueButton web service leaks meeting joining information Moderate
CVE-2024-38273 was published for moodle/moodle (Composer) Jun 18, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-34107 was published for magento/community-edition (Composer) Jun 13, 2024
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass Moderate
CVE-2024-30173 was published for causal/oidc (Composer) Apr 2, 2024
Improper Access Control in moodle Moderate
CVE-2024-25981 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Access Control in moodle Moderate
CVE-2024-25980 was published for moodle/moodle (Composer) Feb 19, 2024
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme Moderate
CVE-2024-25120 was published for typo3/cms-core (Composer) Feb 13, 2024
sushiwushi bnf
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
Moodle Improper Access Control vulnerability Moderate
CVE-2024-1439 was published for moodle/moodle (Composer) Feb 12, 2024
phpMyFAQ User Removal Page Allows Spoofing Of User Details Moderate
CVE-2024-22202 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
Broken Access Control order API in Shopware Moderate
CVE-2024-22407 was published for shopware/core (Composer) Jan 17, 2024
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts Moderate
CVE-2024-21667 was published for pimcore/customer-management-framework-bundle (Composer) Jan 10, 2024
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list Moderate
CVE-2024-21666 was published for pimcore/customer-management-framework-bundle (Composer) Jan 10, 2024
Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list Moderate
CVE-2024-21665 was published for pimcore/ecommerce-framework-bundle (Composer) Jan 10, 2024
OroCommerce get-totals-for-checkout API endpoint returns unwanted data Moderate
CVE-2023-32065 was published for oro/commerce (Composer) Nov 27, 2023
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility Moderate
CVE-2023-32064 was published for oro/customer-portal (Composer) Nov 27, 2023
OroCRMCallBundle has incorrect call view page visibility Moderate
CVE-2023-32063 was published for oro/crm-call-bundle (Composer) Nov 27, 2023
OroCalendarBundle has incorrect system calendar events visibility Moderate
CVE-2023-32062 was published for oro/calendar-bundle (Composer) Nov 27, 2023
Microweber Improper Access Control vulnerability Moderate
CVE-2023-5976 was published for microweber/microweber (Composer) Nov 14, 2023
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5549 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5542 was published for moodle/moodle (Composer) Nov 9, 2023
Any value can be changed in the configuration table by an employee having access to block reassurance module Moderate
CVE-2023-47110 was published for prestashop/blockreassurance (Composer) Nov 9, 2023
Easy!Appointments Improper Access Control vulnerability Moderate
CVE-2023-3700 was published for alextselegidis/easyappointments (Composer) Jul 17, 2023
ProTip! Advisories are also available from the GraphQL API