GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
High
CVE-2024-34002
was published
for
moodle/moodle
(Composer)
May 31, 2024
phpBB vulnerable to sensitive information disclosure
High
CVE-2008-6507
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
Craft CMS discloses password hashes
High
CVE-2022-37783
was published
for
craftcms/cms
(Composer)
Dec 5, 2022
Adminer file disclosure vulnerability
High
GHSA-97h7-mf38-g9mf
was published
for
vrana/adminer
(Composer)
Jun 7, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy
High
CVE-2014-5245
was published
for
symfony/http-kernel
(Composer)
May 30, 2024
Silverstripe CMS information disclosure
High
CVE-2020-6164
was published
for
silverstripe/cms
(Composer)
May 24, 2022
Wikimedia information leak vulnerability
High
CVE-2019-12474
was published
for
mediawiki/core
(Composer)
May 24, 2022
eZ Platform User data disclosure
High
GHSA-3g43-xfrw-pv5m
was published
for
ezsystems/repository-forms
(Composer)
May 15, 2024
eZ Publish Information disclosure in backend content tree menu
High
GHSA-cc2j-92jq-wgjg
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Dolibarr sensitive information disclosure
High
CVE-2017-17898
was published
for
dolibarr/dolibarr
(Composer)
May 14, 2022
Gravity Forms plugin leak hashed passwords
High
CVE-2020-13764
was published
for
wp-premium/gravityforms
(Composer)
May 24, 2022
Zend Framework Information Disclosure
High
CVE-2015-7503
was published
for
zendframework/zend-crypt
(Composer)
May 17, 2022
Drupal Comment reply form allows access to restricted content
High
CVE-2017-6926
was published
for
drupal/core
(Composer)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin
High
CVE-2022-0813
was published
for
phpmyadmin/phpmyadmin
(Composer)
Mar 11, 2022
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
High
CVE-2024-28235
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Cross-domain cookie leakage in Guzzle
High
CVE-2022-29248
was published
for
guzzlehttp/guzzle
(Composer)
May 25, 2022
Magento 2 Community Edition Information Leak
High
CVE-2019-7951
was published
for
magento/community-edition
(Composer)
May 24, 2022
Moodle uses predictable password-recovery tokens
High
CVE-2015-5267
was published
for
moodle/moodle
(Composer)
May 13, 2022
Magento defense-in-depth security mitigation vulnerability
High
CVE-2020-9591
was published
for
magento/community-edition
(Composer)
May 24, 2022
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
High
CVE-2023-48122
was published
for
microweber/microweber
(Composer)
Dec 8, 2023
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API