GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Critical
GHSA-qg7c-q3vq-rgxr
was published
for
shopware/core
(Composer)
Apr 13, 2021
After order payment process manipulation in shopware/platform and shopware/core
Critical
GHSA-88rc-3p98-rgvx
was published
for
shopware/core
(Composer)
Apr 13, 2021
Exposed phpinfo() leadked via documentation files
Moderate
CVE-2021-37704
was published
for
phpfastcache/phpfastcache
(Composer)
Aug 30, 2021
CSRF token exposure in TYPO3 extension
Moderate
CVE-2021-36793
was published
for
lms/routes
(Composer)
Sep 2, 2021
Exposure of Resource to Wrong Sphere in LibreNMS
High
CVE-2020-15877
was published
for
librenms/librenms
(Composer)
Sep 8, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
Insufficient user authorization in Moodle
Moderate
CVE-2022-0334
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
Exposure of Resource to Wrong Sphere in Drupal Core
High
CVE-2020-13670
was published
for
drupal/core
(Composer)
Feb 12, 2022
Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
Moderate
CVE-2022-25336
was published
for
ezsystems/ezplatform-kernel
(Composer)
Feb 19, 2022
Exposure of Resource to Wrong Sphere in microweber
Moderate
CVE-2022-0762
was published
for
microweber/microweber
(Composer)
Feb 27, 2022
HTTP caching is marking private HTTP headers as public in Shopware
Moderate
CVE-2022-24747
was published
for
shopware/core
(Composer)
Mar 10, 2022
Sensitive Information Exposure in Sylius
Moderate
CVE-2022-24742
was published
for
sylius/sylius
(Composer)
Mar 14, 2022
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
High
CVE-2022-25481
was published
for
topthink/framework
(Composer)
Mar 22, 2022
Moodle Unauthorized searching of arbitrary blogs by typing full url
Moderate
CVE-2017-7490
was published
for
moodle/moodle
(Composer)
May 13, 2022
Dolibarr Stored Cross-site Scripting
Moderate
CVE-2020-13240
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
JetPack Exposure of Resource to Wrong Sphere
Moderate
CVE-2021-24374
was published
for
automattic/jetpack
(Composer)
May 24, 2022
Moodle Insecure direct object reference (IDOR) in a calendar web service
Moderate
CVE-2021-43560
was published
for
moodle/moodle
(Composer)
May 24, 2022
Unauthenticated Sensitive Information Disclosure vulnerability
Moderate
CVE-2022-34867
was published
for
libreform/libreform
(Composer)
Sep 7, 2022
Moodle No groups filtering in H5P activity attempts report
Moderate
CVE-2022-40316
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate
CVE-2022-39315
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
Moodle may allow teachers to access the names of users they could not otherwise access
Moderate
CVE-2023-28336
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Moodle may display roles to users who don't have access to them
Moderate
CVE-2023-1402
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
MantisBT may disclose project names to unauthorized users
Moderate
CVE-2023-44394
was published
for
mantisbt/mantisbt
(Composer)
Oct 17, 2023
Moodle Improper Access Control vulnerability
Moderate
CVE-2023-5542
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-5545
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
ProTip!
Advisories are also available from the
GraphQL API