GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
114 advisories
Filter by severity
Moodle IDOR when accessing list of course badges
Moderate
CVE-2024-48899
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle BigBlueButton web service leaks meeting joining information
Moderate
CVE-2024-38273
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control
High
CVE-2024-38909
was published
for
studio-42/elfinder
(Composer)
Jul 30, 2024
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Moderate
CVE-2024-24751
was published
for
derhansen/sf_event_mgt
(Composer)
Feb 13, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45130
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45121
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
High
CVE-2024-45118
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45122
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45129
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45124
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Information Exposure vulnerability
Moderate
CVE-2024-45133
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-45135
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Access Control vulnerability
Low
CVE-2024-45149
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Powermail TYPO3 extension Broken Access Control in the OutputController
Moderate
CVE-2024-45233
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
Dolibarr vulnerable to Cross-Site Request Forgery
High
CVE-2024-31503
was published
for
dolibarr/dolibarr
(Composer)
Apr 17, 2024
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
Moderate
CVE-2024-42354
was published
for
shopware/core
(Composer)
Aug 8, 2024
Magento Open Source Improper Access Control vulnerability
Moderate
CVE-2024-34107
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
Moderate
CVE-2024-38873
was published
for
studiomitte/friendlycaptcha
(Composer)
Jun 21, 2024
BookStack Incorrect Access Control vulnerability
High
CVE-2024-36676
was published
for
ssddanbrown/bookstack
(Composer)
Jul 10, 2024
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
High
CVE-2022-25481
was published
for
topthink/framework
(Composer)
Mar 22, 2022
MediaWiki Incorrect Access Control vulnerability
High
CVE-2019-12472
was published
for
mediawiki/core
(Composer)
May 24, 2022
Mediawiki tarball is missing .htaccess files
Moderate
CVE-2018-13258
was published
for
mediawiki/core
(Composer)
May 14, 2022
Wikimedia MediaWik exposed suppressed log in RevisionDelete page
Moderate
CVE-2019-12470
was published
for
mediawiki/core
(Composer)
May 24, 2022
MediaWiki Incorrect Access Control vulnerability
Moderate
CVE-2019-12469
was published
for
mediawiki/core
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API