GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
86 advisories
Filter by severity
Incorrect access control in typo3_forum
Moderate
CVE-2020-15513
was published
for
mittwald/typo3_forum
(Composer)
Jul 29, 2020
Information Disclosure in TYPO3 extension sf_event_mgt
Moderate
CVE-2020-25026
was published
for
derhansen/sf_event_mgt
(Composer)
Sep 2, 2020
Privilege escalation by backend users assigned to the default "Publisher" system role
Low
CVE-2020-15248
was published
for
october/backend
(Composer)
Nov 23, 2020
Local File Inclusion by unauthenticated users
High
CVE-2020-15246
was published
for
october/cms
(Composer)
Nov 23, 2020
Authenticated Privilege Escalation
Low
GHSA-5q58-x5h2-v5rx
was published
for
shopware/core
(Composer)
Dec 21, 2020
Privilage Escalation in moodle
Moderate
CVE-2020-25701
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Privilage Escalation in moodle
High
CVE-2020-25699
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Moodle allowed some users without permission to view other users' full names
Moderate
CVE-2021-20281
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Improper Input Validation in Laravel
High
CVE-2020-24941
was published
for
laravel/framework
(Composer)
May 6, 2021
Incorrect Authorization in TeamPass
High
CVE-2020-12477
was published
for
nilsteampassnet/teampass
(Composer)
Jul 26, 2021
Incorrect Authorization in TYPO3 extension
Moderate
CVE-2020-25025
was published
for
localizationteam/l10nmgr
(Composer)
Jul 26, 2021
Improper Access Control in Dolibarr
Moderate
CVE-2021-25954
was published
for
dolibarr/dolibarr
(Composer)
Aug 11, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32716
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Improper Access Control in Webauthn Framework
Critical
CVE-2021-38299
was published
for
web-auth/webauthn-framework
(Composer)
Sep 29, 2021
BuddyPress privilege escalation via REST API
High
CVE-2021-21389
was published
for
buddypress/buddypress
(Composer)
Oct 6, 2021
SilverStripe GraphQL Server permission checker not inherited by query subclass.
Moderate
CVE-2021-28661
was published
for
silverstripe/graphql
(Composer)
Oct 12, 2021
EC-CUBE Improper access control in Management screen
Moderate
CVE-2021-20841
was published
for
ec-cube/ec-cube
(Composer)
Nov 25, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4026
was published
for
ssddanbrown/bookstack
(Composer)
Dec 1, 2021
kimai2 is vulnerable to Improper Access Control
Moderate
CVE-2021-3992
was published
for
kevinpapst/kimai2
(Composer)
Dec 3, 2021
Incorrect Authorization in latte/latte
Critical
CVE-2021-23803
was published
for
latte/latte
(Composer)
Jan 6, 2022
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
Insufficient user authorization in Moodle
Moderate
CVE-2022-0334
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
Insufficient user authorization in Moodle
Low
CVE-2022-0333
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
Incorrect Authorization in Drupal core
Moderate
CVE-2020-13676
was published
for
drupal/core
(Composer)
Feb 12, 2022
Drupal core access bypass vulnerability
High
CVE-2020-13677
was published
for
drupal/core
(Composer)
Feb 12, 2022
ProTip!
Advisories are also available from the
GraphQL API