Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

79 advisories

Loading
Connect-CMS Access control vulnerability Moderate
GHSA-5rjc-jc28-cwgg was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Moodle IDOR when accessing list of course badges Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
Magento Open Source Information Exposure vulnerability Moderate
CVE-2024-45133 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45135 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45124 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45130 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45122 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45121 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45129 was published for magento/community-edition (Composer) Oct 10, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController Moderate
CVE-2024-45233 was published for in2code/powermail (Composer) Aug 29, 2024
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api Moderate
CVE-2024-42354 was published for shopware/core (Composer) Aug 8, 2024
JoshuaBehrens
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass Moderate
CVE-2024-38873 was published for studiomitte/friendlycaptcha (Composer) Jun 21, 2024
Moodle BigBlueButton web service leaks meeting joining information Moderate
CVE-2024-38273 was published for moodle/moodle (Composer) Jun 18, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-34107 was published for magento/community-edition (Composer) Jun 13, 2024
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass Moderate
CVE-2024-30173 was published for causal/oidc (Composer) Apr 2, 2024
Improper Access Control in moodle Moderate
CVE-2024-25980 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Access Control in moodle Moderate
CVE-2024-25981 was published for moodle/moodle (Composer) Feb 19, 2024
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme Moderate
CVE-2024-25120 was published for typo3/cms-core (Composer) Feb 13, 2024
sushiwushi bnf
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
Moodle Improper Access Control vulnerability Moderate
CVE-2024-1439 was published for moodle/moodle (Composer) Feb 12, 2024
phpMyFAQ User Removal Page Allows Spoofing Of User Details Moderate
CVE-2024-22202 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
Broken Access Control order API in Shopware Moderate
CVE-2024-22407 was published for shopware/core (Composer) Jan 17, 2024
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts Moderate
CVE-2024-21667 was published for pimcore/customer-management-framework-bundle (Composer) Jan 10, 2024
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list Moderate
CVE-2024-21666 was published for pimcore/customer-management-framework-bundle (Composer) Jan 10, 2024
Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list Moderate
CVE-2024-21665 was published for pimcore/ecommerce-framework-bundle (Composer) Jan 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database