GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
160 advisories
Filter by severity
Moodle IDOR when accessing list of badge recipients
Moderate
CVE-2024-48900
was published
for
moodle/moodle
(Composer)
Nov 13, 2024
Magento Open Source Information Exposure vulnerability
Moderate
CVE-2024-45134
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
MantisBT vulnerable to information disclosure with user profiles
Moderate
CVE-2024-45792
was published
for
mantisbt/mantisbt
(Composer)
Sep 30, 2024
Mautic allows users enumeration due to weak password login
Moderate
CVE-2024-47059
was published
for
mautic/core
(Composer)
Sep 18, 2024
Pimcore vulnerable to disclosure of system and database information behind /admin firewall
Moderate
CVE-2024-41109
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Jul 30, 2024
Silverstripe Reports are still accessible even when `canView()` returns false
Moderate
CVE-2024-29885
was published
for
silverstripe/reports
(Composer)
Jul 17, 2024
Zend-developer-tools information disclosure vulnerability
Moderate
GHSA-qg7m-mwxm-j3h7
was published
for
zendframework/zend-developer-tools
(Composer)
Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Moderate
GHSA-2fhr-8r8r-qp56
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
TYPO3 Information Disclosure in Install Tool
Moderate
GHSA-6487-3qvg-8px9
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Information Disclosure of Installed Extensions
Moderate
GHSA-f624-8hfq-5fh3
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Typo3 Arbitrary File Disclosure in Form Component
Moderate
GHSA-wrpf-2x8h-82gr
was published
for
typo3/cms
(Composer)
Jun 4, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate
CVE-2024-34004
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate
CVE-2024-34005
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
Moderate
CVE-2024-34003
was published
for
moodle/moodle
(Composer)
May 31, 2024
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure
Moderate
GHSA-pqfv-97hj-g97g
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Information Disclosure Vulnerability Exploitable by Editors
Moderate
GHSA-r287-hc8j-w56h
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Disclosure of Information about Installed Extensions
Moderate
GHSA-p2h4-7fp3-cmh8
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Page Tree
Moderate
GHSA-wvvp-jwf5-qcpc
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Information Disclosure in Install Tool
Moderate
GHSA-66c2-7g4p-wx4p
was published
for
typo3/cms-core
(Composer)
May 30, 2024
silverstripe/userforms file upload exposure on UserForms module
Moderate
GHSA-55pp-293f-3365
was published
for
silverstripe/userforms
(Composer)
May 28, 2024
silverstripe/framework vulnerable to member disclosure in login form
Moderate
GHSA-crr3-h4m8-7f56
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Moderate
GHSA-r3pr-fh25-wrfc
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Moderate
GHSA-55qg-6c4m-mw6g
was published
for
silverstripe/framework
(Composer)
May 27, 2024
silverstripe/framework member disclosure in login form
Moderate
GHSA-g84q-cq55-xwgp
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Data Leakage Vulnerability in livewire/livewire
Moderate
GHSA-qwvp-268g-jjm8
was published
for
livewire/livewire
(Composer)
May 15, 2024
ProTip!
Advisories are also available from the
GraphQL API