GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
160 advisories
Read private customer data reclaiming carts in Klaviyo Magento
Moderate
GHSA-hvgw-gg3p-295j was published for klaviyo/magento2-extension (Composer), May 15, 2024

eZ Platform REST API returns list of all SiteAccesses
Moderate
GHSA-9wwx-c723-vm8x was published for ezsystems/ezpublish-kernel (Composer), May 15, 2024

endroid/qr-code-bundle File Disclosure via logo_path query parameter
Moderate
GHSA-mvf6-3f2g-xfxf was published for endroid/qr-code-bundle (Composer), May 15, 2024

Anonymous PrestaShop customer can download other customers' invoices
Moderate
CVE-2024-34717 was published for prestashop/prestashop (Composer), May 14, 2024

TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Moderate
CVE-2024-34358 was published for typo3/cms-core (Composer), May 14, 2024

MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2024-34080 was published for mantisbt/mantisbt (Composer), May 13, 2024

Pimcore Preview Documents are not restricted to logged in users anymore
Moderate
CVE-2024-29197 was published for pimcore/pimcore (Composer), Mar 26, 2024

Storefront user can access history and most viewed data from matching back-office user with the same ID
Moderate
CVE-2023-48296 was published for oro/customer-portal (Composer), Mar 25, 2024

Pinned entity creation form shows wrong data
Moderate
CVE-2023-45824 was published for oro/platform (Composer), Mar 25, 2024

TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
Moderate
CVE-2024-25120 was published for typo3/cms-core (Composer), Feb 13, 2024

TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
Moderate
CVE-2024-25119 was published for typo3/cms-core (Composer), Feb 13, 2024

TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
Moderate
CVE-2024-25118 was published for typo3/cms-core (Composer), Feb 13, 2024

Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Moderate
CVE-2023-48714 was published for silverstripe/framework (Composer), Jan 23, 2024

Test code in published microsoft-graph-beta package exposes phpinfo()
Moderate
GHSA-7mc6-x925-7qvx was published for microsoft/microsoft-graph-beta (Composer), Dec 5, 2023

Test code in published microsoft-graph-core package exposes phpinfo()
Moderate
CVE-2023-49283 was published for microsoft/microsoft-graph-core (Composer), Dec 5, 2023

Test code in published microsoft-graph package exposes phpinfo()
Moderate
CVE-2023-49282 was published for microsoft/microsoft-graph (Composer), Dec 5, 2023

LibreNMS has Broken Access control on Graphs Feature
Moderate
CVE-2023-48294 was published for librenms/librenms (Composer), Nov 17, 2023

Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-5545 was published for moodle/moodle (Composer), Nov 9, 2023

MantisBT may disclose project names to unauthorized users
Moderate
CVE-2023-44394 was published for mantisbt/mantisbt (Composer), Oct 17, 2023

Pimcore Demo Allows GraphQL Introspection
Moderate
CVE-2023-5192 was published for pimcore/demo (Composer), Sep 27, 2023

MongoDB Driver may publish events containing authentication-related data
Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer), Aug 29, 2023

Shopware dependency configuration exposed
Moderate
CVE-2023-34098 was published for shopware/shopware (Composer), Jun 28, 2023

Moodle may display roles to users who don't have access to them
Moderate
CVE-2023-1402 was published for moodle/moodle (Composer), Mar 23, 2023

Moodle may allow authenticated users to enumerate other user's names via learning plans page
Moderate
CVE-2023-28334 was published for moodle/moodle (Composer), Mar 23, 2023

Moodle may allow teachers to access the names of users they could not otherwise access
Moderate
CVE-2023-28336 was published for moodle/moodle (Composer), Mar 23, 2023