GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
76 advisories
Filter by severity
Improper authentication in Symfony
High
CVE-2019-10911
was published
for
symfony/security
(Composer)
Feb 12, 2020
Disabled users able to log in with third party SSO plugin
High
CVE-2017-1000489
was published
for
mautic/core
(Composer)
Jan 19, 2021
Authentication bypass in MAGMI
Critical
CVE-2020-5777
was published
for
dweeves/magmi
(Composer)
May 6, 2021
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Authentication granted to all firewalls instead of just one
Moderate
CVE-2021-32693
was published
for
symfony/security-http
(Composer)
Jun 21, 2021
Unauthenticated SQL Injection in Cachet
High
CVE-2021-39165
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
Account Takeover in Octobercms
High
CVE-2021-32648
was published
for
october/system
(Composer)
Aug 30, 2021
October CMS auth bypass and account takeover
High
CVE-2021-29487
was published
for
october/system
(Composer)
Aug 30, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control
High
CVE-2021-25956
was published
for
dolibarr/dolibarr
(Composer)
Sep 2, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Deleted Admin Can Sign In to Admin Interface
High
CVE-2021-41126
was published
for
october/october
(Composer)
Oct 6, 2021
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
Authentication Bypass in ADOdb/ADOdb
Critical
CVE-2021-3850
was published
for
adodb/adodb-php
(Composer)
Jan 27, 2022
Improper Authentication in phpmyadmin
Moderate
CVE-2022-23807
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 28, 2022
Incorrect Authentication in shopware
Moderate
CVE-2022-24748
was published
for
shopware/core
(Composer)
Mar 10, 2022
Incorrect Access Control in ImpressCMS
Moderate
CVE-2021-26598
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
Typo3 Authentication Bypass
Critical
CVE-2011-4628
was published
for
typo3/cms
(Composer)
Apr 22, 2022
Improper Authentication in moodle
Moderate
CVE-2022-0985
was published
for
moodle/moodle
(Composer)
Apr 30, 2022
Authentication library in TYPO3 vulnerable to session fixation
High
CVE-2009-0256
was published
for
typo3/cms
(Composer)
May 2, 2022
TYPO3 Authentication Bypass via Salted user password hashes extension
High
CVE-2010-1022
was published
for
typo3/cms-saltedpasswords
(Composer)
May 2, 2022
•
withdrawn
phpMyAdmin Improper Authentication
High
CVE-2018-12613
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 13, 2022
Contao Does Not Expire Tokens Correctly
Critical
CVE-2019-10643
was published
for
contao/contao
(Composer)
May 13, 2022
OXID eShop user impersonation vulnerability
High
CVE-2015-6926
was published
for
oxid-esales/oxideshop-ce
(Composer)
May 13, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime
Moderate
CVE-2014-0214
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Authentication Bypass in File Upload
Moderate
CVE-2012-3387
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API