GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
45 advisories
Filter by severity
moodle: Some users can delete audiences of other reports
Moderate
CVE-2024-48898
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate
CVE-2024-43431
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Snipe-IT allows users to promote or demote themselves or other users
High
CVE-2024-5685
was published
for
snipe/snipe-it
(Composer)
Jun 14, 2024
TYPO3 Information Disclosure in Backend User Interface
Moderate
GHSA-rv8r-8mh5-5376
was published
for
typo3/cms-core
(Composer)
May 30, 2024
SimpleSAMLphp Information Disclosure vulnerability
Moderate
GHSA-ppm4-r2vc-pg74
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
silverstripe/framework missing ACL on reports
Moderate
GHSA-52cx-hpc5-cxwc
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Moderate
CVE-2024-24822
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 7, 2024
Dolibarr Improper Input Validation vulnerability
Moderate
CVE-2023-4198
was published
for
dolibarr/dolibarr
(Composer)
Nov 1, 2023
Froxlor vulnerable to business logic errors
Low
CVE-2023-4304
was published
for
froxlor/froxlor
(Composer)
Aug 11, 2023
Silverstripe Framework: Members with no password can be created and bypass custom login forms
Low
CVE-2023-32302
was published
for
silverstripe/framework
(Composer)
Jul 31, 2023
Missing permission check of canView in GridFieldPrintButton
Moderate
CVE-2023-22728
was published
for
silverstripe/framework
(Composer)
Apr 26, 2023
Access control issue in ezsystems/ezpublish-kernel
Critical
CVE-2022-48367
was published
for
ezsystems/ezpublish-kernel
(Composer)
Mar 12, 2023
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Low
CVE-2023-22489
was published
for
flarum/core
(Composer)
Jan 10, 2023
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
PrestaShop has potential Information exposure in the upload directory
Moderate
CVE-2022-46158
was published
for
prestashop/prestashop
(Composer)
Dec 8, 2022
Moodle No groups filtering in H5P activity attempts report
Moderate
CVE-2022-40316
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Missing permission check in Moodle
Moderate
CVE-2021-20283
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle incorrect access control
High
CVE-2020-25629
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle Email media URL tokens were not checking for user status
Moderate
CVE-2019-14883
was published
for
moodle/moodle
(Composer)
May 24, 2022
MediaWiki information disclosure
Moderate
CVE-2019-16738
was published
for
mediawiki/core
(Composer)
May 24, 2022
Moodle Ability to delete glossary entries that belong to another glossary
Moderate
CVE-2019-10187
was published
for
moodle/moodle
(Composer)
May 24, 2022
Dolibarr arbitrary commands execution
High
CVE-2018-10092
was published
for
dolibarr/dolibarr
(Composer)
May 13, 2022
Improper Access Control in snipe/snipe-it
Moderate
CVE-2022-1511
was published
for
snipe/snipe-it
(Composer)
Apr 29, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32472
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32477
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
ProTip!
Advisories are also available from the
GraphQL API