GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,778
Maven
5,000+
npm
3,542
NuGet
619
pip
3,127
Pub
10
RubyGems
838
Rust
791
Swift
34
Unreviewed advisories
All unreviewed
5,000+
71 advisories
Filter by severity
TYPO3 CMS missing check for expiration time of password reset token for backend users
Moderate
CVE-2022-36106
was published
for
typo3/cms
(Composer)
Sep 16, 2022
Cockpit Content Platform vulnerable to 2FA bypass
High
CVE-2022-2818
was published
for
cockpit-hq/cockpit
(Composer)
Aug 16, 2022
Unpublished, protected files can be published via shortcode
Moderate
CVE-2022-29858
was published
for
silverstripe/assets
(Composer)
Jun 29, 2022
Magento Broken authentication and session managememt
Critical
CVE-2019-8149
was published
for
magento/community-edition
(Composer)
May 24, 2022
Codiad Vulnerable to PHP Magic Hash Vulnerability
High
CVE-2020-23355
was published
for
codiad/codiad
(Composer)
May 24, 2022
Moodle Oauth 2 Insufficiently Protects Against Compromise
Critical
CVE-2019-14880
was published
for
moodle/moodle
(Composer)
May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2020-7995
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Magento Broken authentication and session managememt
Moderate
CVE-2019-8108
was published
for
magento/community-edition
(Composer)
May 24, 2022
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Moderate
CVE-2012-6431
was published
for
symfony/http-foundation
(Composer)
May 17, 2022
TYPO3 Improper Session Invalidation
Moderate
CVE-2014-3944
was published
for
typo3/cms
(Composer)
May 17, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability
Critical
CVE-2017-8827
was published
for
genix/cms
(Composer)
May 17, 2022
Zend Access Restriction Bypass
Moderate
CVE-2014-8088
was published
for
zendframework/zendframework
(Composer)
May 17, 2022
Symfony Authentication Bypass
Critical
CVE-2018-11407
was published
for
symfony/security
(Composer)
May 14, 2022
Symfony Authentication Bypass
Critical
CVE-2016-2403
was published
for
symfony/security
(Composer)
May 14, 2022
Unauthenticated File Read in PHP Proxy
High
CVE-2018-19458
was published
for
athlon1600/php-proxy-app
(Composer)
May 14, 2022
Dolibarr allows password changes without supplying the current password
Moderate
CVE-2017-8879
was published
for
dolibarr/dolibarr
(Composer)
May 13, 2022
Moodle Improper Authentication
High
CVE-2018-1082
was published
for
moodle/moodle
(Composer)
May 13, 2022
Mediawiki BotPassword can bypass CentralAuth's account lock
Moderate
CVE-2018-0505
was published
for
mediawiki/core
(Composer)
May 13, 2022
ThinkAdmin Administrator cookies still working after password change
Critical
CVE-2019-11018
was published
for
zoujingli/thinkadmin
(Composer)
May 13, 2022
Moodle Users Can Bypass Deleted Status
Moderate
CVE-2012-0797
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Allows Unauthenticated Dropbox Access
Moderate
CVE-2012-5471
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Authentication Bypass in File Upload
Moderate
CVE-2012-3387
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime
Moderate
CVE-2014-0214
was published
for
moodle/moodle
(Composer)
May 13, 2022
OXID eShop user impersonation vulnerability
High
CVE-2015-6926
was published
for
oxid-esales/oxideshop-ce
(Composer)
May 13, 2022
Contao Does Not Expire Tokens Correctly
Critical
CVE-2019-10643
was published
for
contao/contao
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API