GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Firefly III has a MFA bypass in oauth flow
Moderate
CVE-2024-37893
was published
for
grumpydictator/firefly-iii
(Composer)
Jun 17, 2024
Improper Authentication in CraftCMS two factor authentication plugin
Moderate
CVE-2024-5658
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Authentication Bypass in TYPO3 CMS
Moderate
GHSA-6xh8-8pfv-53vx
was published
for
typo3/cms
(Composer)
Jun 5, 2024
Symfony may allow a user to switch to using another user's identity
Moderate
GHSA-7mx2-7q8p-pgmw
was published
for
symfony/symfony
(Composer)
May 30, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Moderate
GHSA-p5h2-vr99-xm99
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Mediawiki BotPassword can bypass CentralAuth's account lock
Moderate
CVE-2018-0505
was published
for
mediawiki/core
(Composer)
May 13, 2022
Magento Broken authentication and session managememt
Moderate
CVE-2019-8108
was published
for
magento/community-edition
(Composer)
May 24, 2022
TYPO3 Improper Session Invalidation
Moderate
CVE-2014-3944
was published
for
typo3/cms
(Composer)
May 17, 2022
Dolibarr allows password changes without supplying the current password
Moderate
CVE-2017-8879
was published
for
dolibarr/dolibarr
(Composer)
May 13, 2022
Moodle type juggling vulnerability
Moderate
CVE-2021-40693
was published
for
moodle/moodle
(Composer)
Sep 30, 2022
Zend Access Restriction Bypass
Moderate
CVE-2014-8088
was published
for
zendframework/zendframework
(Composer)
May 17, 2022
Improper Authentication in phpmyadmin
Moderate
CVE-2022-23807
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 28, 2022
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Moderate
CVE-2012-6431
was published
for
symfony/http-foundation
(Composer)
May 17, 2022
Authentication granted to all firewalls instead of just one
Moderate
CVE-2021-32693
was published
for
symfony/security-http
(Composer)
Jun 21, 2021
Moodle creates a MoodleMobile web-service token with an infinite lifetime
Moderate
CVE-2014-0214
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Users Can Bypass Deleted Status
Moderate
CVE-2012-0797
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Allows Unauthenticated Dropbox Access
Moderate
CVE-2012-5471
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Authentication Bypass in File Upload
Moderate
CVE-2012-3387
was published
for
moodle/moodle
(Composer)
May 13, 2022
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Moderate
CVE-2023-50714
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
TYPO3 vulnerable to Weak Authentication in Session Handling
Moderate
CVE-2023-47127
was published
for
typo3/cms-core
(Composer)
Nov 14, 2023
pimcore/admin-ui-classic-bundle Unverified Password Change
Moderate
CVE-2023-5844
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Oct 31, 2023
TYPO3 extension femanager Broken Access Control vulnerability
Moderate
CVE-2023-45023
was published
for
in2code/femanager
(Composer)
Oct 4, 2023
Improper Authentication in moodle
Moderate
CVE-2022-0985
was published
for
moodle/moodle
(Composer)
Apr 30, 2022
ProTip!
Advisories are also available from the
GraphQL API