GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
Exposed phpinfo() leadked via documentation files
Moderate
CVE-2021-37704
was published
for
phpfastcache/phpfastcache
(Composer)
Aug 30, 2021
CSRF token exposure in TYPO3 extension
Moderate
CVE-2021-36793
was published
for
lms/routes
(Composer)
Sep 2, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
Insufficient user authorization in Moodle
Moderate
CVE-2022-0334
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
Moderate
CVE-2022-25336
was published
for
ezsystems/ezplatform-kernel
(Composer)
Feb 19, 2022
Exposure of Resource to Wrong Sphere in microweber
Moderate
CVE-2022-0762
was published
for
microweber/microweber
(Composer)
Feb 27, 2022
HTTP caching is marking private HTTP headers as public in Shopware
Moderate
CVE-2022-24747
was published
for
shopware/core
(Composer)
Mar 10, 2022
Sensitive Information Exposure in Sylius
Moderate
CVE-2022-24742
was published
for
sylius/sylius
(Composer)
Mar 14, 2022
Moodle Unauthorized searching of arbitrary blogs by typing full url
Moderate
CVE-2017-7490
was published
for
moodle/moodle
(Composer)
May 13, 2022
Dolibarr Stored Cross-site Scripting
Moderate
CVE-2020-13240
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
JetPack Exposure of Resource to Wrong Sphere
Moderate
CVE-2021-24374
was published
for
automattic/jetpack
(Composer)
May 24, 2022
Moodle Insecure direct object reference (IDOR) in a calendar web service
Moderate
CVE-2021-43560
was published
for
moodle/moodle
(Composer)
May 24, 2022
Unauthenticated Sensitive Information Disclosure vulnerability
Moderate
CVE-2022-34867
was published
for
libreform/libreform
(Composer)
Sep 7, 2022
Moodle No groups filtering in H5P activity attempts report
Moderate
CVE-2022-40316
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate
CVE-2022-39315
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
Moodle may allow teachers to access the names of users they could not otherwise access
Moderate
CVE-2023-28336
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Moodle may display roles to users who don't have access to them
Moderate
CVE-2023-1402
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
MantisBT may disclose project names to unauthorized users
Moderate
CVE-2023-44394
was published
for
mantisbt/mantisbt
(Composer)
Oct 17, 2023
Moodle Improper Access Control vulnerability
Moderate
CVE-2023-5542
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-5545
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
ProTip!
Advisories are also available from the
GraphQL API