GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
45 advisories
Filter by severity
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
Moderate
CVE-2024-43438
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45131
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Incorrect Authorization vulnerability
Moderate
CVE-2024-45125
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Improper Authorization vulnerability
Moderate
CVE-2024-45128
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Silverstripe Reports are still accessible even when `canView()` returns false
Moderate
CVE-2024-29885
was published
for
silverstripe/reports
(Composer)
Jul 17, 2024
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Moderate
CVE-2024-39322
was published
for
aimeos/ai-admin-jsonadm
(Composer)
Jul 2, 2024
Magento Open Source Incorrect Authorization vulnerability
Moderate
CVE-2024-34106
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
TYPO3 Broken Access Control in Import Module
Moderate
GHSA-g776-759r-pf6x
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Sulu grants access to pages regardless of role permissions
Moderate
CVE-2024-27915
was published
for
sulu/sulu
(Composer)
Mar 4, 2024
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Moderate
CVE-2024-24751
was published
for
derhansen/sf_event_mgt
(Composer)
Feb 13, 2024
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Moderate
CVE-2024-22208
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
No permission checks for editing/deleting records with CSV import form
Moderate
CVE-2023-49783
was published
for
silverstripe/admin
(Composer)
Jan 23, 2024
View permissions are bypassed for paginated lists of ORM data
Moderate
CVE-2023-44401
was published
for
silverstripe/graphql
(Composer)
Jan 23, 2024
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller
Moderate
CVE-2023-3574
was published
for
pimcore/customer-management-framework-bundle
(Composer)
Jul 10, 2023
Access bypass in Drupal core
Moderate
CVE-2022-25274
was published
for
drupal/core
(Composer)
Apr 26, 2023
Improper Authorization in grumpydictator/firefly-iii
Moderate
CVE-2023-0298
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 14, 2023
Moodle Incorrect Authorization
Moderate
CVE-2021-40692
was published
for
moodle/moodle
(Composer)
Sep 30, 2022
Incorrect Authorization in thinkcmf
Moderate
CVE-2021-40616
was published
for
thinkcmf/thinkcmf
(Composer)
Jun 15, 2022
Magento Improper Authorization vulnerability in the customers module
Moderate
CVE-2021-28567
was published
for
magento/community-edition
(Composer)
May 24, 2022
Missing permission check in Moodle
Moderate
CVE-2021-20283
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle Bypass email verification secret when confirming account registration
Moderate
CVE-2021-20282
was published
for
moodle/moodle
(Composer)
May 24, 2022
WooCommerce Incorrect Authorization
Moderate
CVE-2020-29156
was published
for
woocommerce/woocommerce
(Composer)
May 24, 2022
Magento 2 Community Edition Incorrect Authorization
Moderate
CVE-2020-24401
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento security mitigation bypass vulnerability
Moderate
CVE-2020-9692
was published
for
magento/community-edition
(Composer)
May 24, 2022
Moodle Logged in users could view all calendar events
Moderate
CVE-2019-3848
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API