GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Improper authentication in Symfony
High
CVE-2019-10911
was published
for
symfony/security
(Composer)
Feb 12, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
High
CVE-2018-10189
was published
for
mautic/core
(Composer)
Jan 19, 2021
Private files publicly accessible with Cloud Storage providers
High
GHSA-vrf2-xghr-j52v
was published
for
shopware/core
(Composer)
Jun 28, 2021
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-gqcf-83rq-gpfr
was published
for
ibexa/post-install
(Composer)
Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-2rh5-jvgx-pgw3
was published
for
ezsystems/ezplatform
(Composer)
Sep 14, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
High
CVE-2021-41120
was published
for
sylius/paypal-plugin
(Composer)
Oct 6, 2021
Unrestricted access to predictable file paths in hov/jobfair
High
CVE-2021-43564
was published
for
hov/jobfair
(Composer)
Nov 15, 2021
Exposure of Sensitive Information to an Unauthorized Actor in microweber
High
CVE-2022-0281
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin
High
CVE-2022-0813
was published
for
phpmyadmin/phpmyadmin
(Composer)
Mar 11, 2022
Moodle uses predictable password-recovery tokens
High
CVE-2015-5267
was published
for
moodle/moodle
(Composer)
May 13, 2022
October CMS Local File Inclusion
High
CVE-2018-1999009
was published
for
october/october
(Composer)
May 13, 2022
LFI in PHP-Proxy 5.1.0
High
CVE-2018-19246
was published
for
athlon1600/php-proxy
(Composer)
May 14, 2022
Drupal Comment reply form allows access to restricted content
High
CVE-2017-6926
was published
for
drupal/core
(Composer)
May 14, 2022
Dolibarr sensitive information disclosure
High
CVE-2017-17898
was published
for
dolibarr/dolibarr
(Composer)
May 14, 2022
Zend Framework Information Disclosure
High
CVE-2015-7503
was published
for
zendframework/zend-crypt
(Composer)
May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure
High
CVE-2017-14240
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
phpBB vulnerable to sensitive information disclosure
High
CVE-2008-6507
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
Wikimedia information leak vulnerability
High
CVE-2019-12474
was published
for
mediawiki/core
(Composer)
May 24, 2022
Magento 2 Community Edition Information Leak
High
CVE-2019-7951
was published
for
magento/community-edition
(Composer)
May 24, 2022
Gravity Forms plugin leak hashed passwords
High
CVE-2020-13764
was published
for
wp-premium/gravityforms
(Composer)
May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
Magento defense-in-depth security mitigation vulnerability
High
CVE-2020-9591
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API