Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27 advisories

Loading
Leak of information via Store-API aggregations in shopware/platform and shopware/core Critical
GHSA-qg7c-q3vq-rgxr was published for shopware/core (Composer) Apr 13, 2021
After order payment process manipulation in shopware/platform and shopware/core Critical
GHSA-88rc-3p98-rgvx was published for shopware/core (Composer) Apr 13, 2021
Exposed phpinfo() leadked via documentation files Moderate
CVE-2021-37704 was published for phpfastcache/phpfastcache (Composer) Aug 30, 2021
Geolim4
CSRF token exposure in TYPO3 extension Moderate
CVE-2021-36793 was published for lms/routes (Composer) Sep 2, 2021
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Insufficient user authorization in Moodle Moderate
CVE-2022-0334 was published for moodle/moodle (Composer) Jan 28, 2022
Exposure of Resource to Wrong Sphere in Drupal Core High
CVE-2020-13670 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel Moderate
CVE-2022-25336 was published for ezsystems/ezplatform-kernel (Composer) Feb 19, 2022
Exposure of Resource to Wrong Sphere in microweber Moderate
CVE-2022-0762 was published for microweber/microweber (Composer) Feb 27, 2022
HTTP caching is marking private HTTP headers as public in Shopware Moderate
CVE-2022-24747 was published for shopware/core (Composer) Mar 10, 2022
UlrichThomasGabor
Sensitive Information Exposure in Sylius Moderate
CVE-2022-24742 was published for sylius/sylius (Composer) Mar 14, 2022
Exposure of Resource to Wrong Sphere in ThinkPHP Framework High
CVE-2022-25481 was published for topthink/framework (Composer) Mar 22, 2022
Moodle Unauthorized searching of arbitrary blogs by typing full url Moderate
CVE-2017-7490 was published for moodle/moodle (Composer) May 13, 2022
Dolibarr Stored Cross-site Scripting Moderate
CVE-2020-13240 was published for dolibarr/dolibarr (Composer) May 24, 2022
JetPack Exposure of Resource to Wrong Sphere Moderate
CVE-2021-24374 was published for automattic/jetpack (Composer) May 24, 2022
Moodle Insecure direct object reference (IDOR) in a calendar web service Moderate
CVE-2021-43560 was published for moodle/moodle (Composer) May 24, 2022
Unauthenticated Sensitive Information Disclosure vulnerability Moderate
CVE-2022-34867 was published for libreform/libreform (Composer) Sep 7, 2022
Moodle No groups filtering in H5P activity attempts report Moderate
CVE-2022-40316 was published for moodle/moodle (Composer) Oct 1, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
Moodle may allow teachers to access the names of users they could not otherwise access Moderate
CVE-2023-28336 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle may display roles to users who don't have access to them Moderate
CVE-2023-1402 was published for moodle/moodle (Composer) Mar 23, 2023
MantisBT may disclose project names to unauthorized users Moderate
CVE-2023-44394 was published for mantisbt/mantisbt (Composer) Oct 17, 2023
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5542 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-5545 was published for moodle/moodle (Composer) Nov 9, 2023
ProTip! Advisories are also available from the GraphQL API