GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-45132
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Kirby has insufficient permission checks in the language settings
High
CVE-2024-41964
was published
for
getkirby/cms
(Composer)
Aug 29, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
High
CVE-2024-39323
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
Silverstripe SiteTree Creation Permission Vulnerability
High
GHSA-3mm9-2p44-rw39
was published
for
silverstripe/cms
(Composer)
May 22, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs
High
CVE-2024-32003
was published
for
winter/wn-dusk-plugin
(Composer)
Apr 12, 2024
Field injection in the KirbyData text storage handler
High
CVE-2023-38488
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
api-platform/core's secured properties may be accessible within collections
High
CVE-2023-25575
was published
for
api-platform/core
(Composer)
Feb 28, 2023
Magento Improper input validation vulnerability
High
CVE-2022-42344
was published
for
magento/community-edition
(Composer)
Oct 20, 2022
Magento Improper Access Control vulnerability
High
CVE-2022-34255
was published
for
magento/community-edition
(Composer)
Aug 17, 2022
Magento Improper Authorization vulnerability
High
CVE-2022-34256
was published
for
magento/community-edition
(Composer)
Aug 17, 2022
Fix failure to strip Authorization header on HTTP downgrade
High
CVE-2022-31043
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Magento authorization bypass vulnerability
High
CVE-2020-9587
was published
for
magento/community-edition
(Composer)
May 24, 2022
Incorrect Authorization in Dolibarr
High
CVE-2020-12669
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
phpBB 3.0.7 allows remote attackers to bypass intended access restrictions
High
CVE-2010-1627
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
Drupal editor module incorrectly checks access to inline private files
High
CVE-2017-6377
was published
for
drupal/core
(Composer)
May 13, 2022
Incorrect Authorization in microweber
High
CVE-2022-1631
was published
for
microweber/microweber
(Composer)
May 10, 2022
Access Control vulnerability in Dolibarr
High
CVE-2021-37517
was published
for
dolibarr/dolibarr
(Composer)
Apr 1, 2022
Improper Access Control in librenms
High
CVE-2022-0580
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Drupal core access bypass vulnerability
High
CVE-2020-13677
was published
for
drupal/core
(Composer)
Feb 12, 2022
BuddyPress privilege escalation via REST API
High
CVE-2021-21389
was published
for
buddypress/buddypress
(Composer)
Oct 6, 2021
Incorrect Authorization in TeamPass
High
CVE-2020-12477
was published
for
nilsteampassnet/teampass
(Composer)
Jul 26, 2021
Improper Input Validation in Laravel
High
CVE-2020-24941
was published
for
laravel/framework
(Composer)
May 6, 2021
Privilage Escalation in moodle
High
CVE-2020-25699
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Local File Inclusion by unauthenticated users
High
CVE-2020-15246
was published
for
october/cms
(Composer)
Nov 23, 2020
ProTip!
Advisories are also available from the
GraphQL API