GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
160 advisories
Filter by severity
Local file disclosure in PHPMailer
Moderate
CVE-2017-5223
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Potentially sensitive data exposure in Symfony Web Socket Bundle
Moderate
GHSA-wwgf-3xp7-cxj4
was published
for
gos/web-socket-bundle
(Composer)
Jul 7, 2020
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32712
was published
for
shopware/shopware
(Composer)
Sep 8, 2021
Shopware contains sensitive data in backend customer module
Moderate
CVE-2022-36101
was published
for
shopware/shopware
(Composer)
Sep 16, 2022
Information Disclosure via Export Module
Moderate
CVE-2022-31046
was published
for
typo3/cms
(Composer)
Jun 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32716
was published
for
shopware/platform
(Composer)
Sep 8, 2021
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Moderate
CVE-2011-3712
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
Moderate
CVE-2019-10667
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
User enumeration leak using switch user functionality in Symfony
Moderate
CVE-2019-18886
was published
for
symfony/security-http
(Composer)
Dec 2, 2019
List of order ids, number, items total and token value exposed for unauthorized uses via new API
Moderate
CVE-2021-32720
was published
for
sylius/sylius
(Composer)
Jun 29, 2021
Password exposure in concrete5/core
Moderate
CVE-2021-22951
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
Moderate
CVE-2020-25703
was published
for
moodle/moodle
(Composer)
Oct 21, 2021
Exposed phpinfo() leadked via documentation files
Moderate
CVE-2021-37704
was published
for
phpfastcache/phpfastcache
(Composer)
Aug 30, 2021
Exposure of sensitive information in concrete5/core
Moderate
CVE-2021-22967
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Pixelfed allows user enumeration via reset password functionality
Moderate
CVE-2023-0901
was published
for
pixelfed/pixelfed
(Composer)
Feb 18, 2023
HTTP caching is marking private HTTP headers as public in Shopware
Moderate
CVE-2022-24747
was published
for
shopware/core
(Composer)
Mar 10, 2022
Sensitive Information Exposure in Sylius
Moderate
CVE-2022-24742
was published
for
sylius/sylius
(Composer)
Mar 14, 2022
Sensitive Data Exposure in elFinder
Moderate
CVE-2019-5884
was published
for
studio-42/elfinder
(Composer)
May 13, 2022
PrestaShop has potential Information exposure in the upload directory
Moderate
CVE-2022-46158
was published
for
prestashop/prestashop
(Composer)
Dec 8, 2022
Centreon Sensitive Data Exposure vulnerability
Moderate
CVE-2020-10945
was published
for
centreon/centreon
(Composer)
May 24, 2022
Exposure of Sensitive Information in snipe/snipe-it
Moderate
CVE-2022-0569
was published
for
snipe/snipe-it
(Composer)
Feb 15, 2022
Exposure of Sensitive Information to an Unauthorized Actor in librenms
Moderate
CVE-2022-0588
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Flarum Core Leaks PII
Moderate
CVE-2018-19133
was published
for
flarum/framework
(Composer)
May 14, 2022
Silverstripe CMS User Enumeration
Moderate
CVE-2017-12849
was published
for
silverstripe/cms
(Composer)
May 17, 2022
phpMyAdmin ReCaptcha bypass
Moderate
CVE-2015-6830
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API