Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

71 advisories

Loading
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
Improper Authentication in CraftCMS two factor authentication plugin Moderate
CVE-2024-5658 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
ZendOpenID potential security issue in login mechanism High
GHSA-3x57-m5p4-rgh4 was published for zendframework/zendopenid (Composer) Jun 7, 2024
Zendframework potential security issue in login mechanism High
GHSA-9v78-h226-2rmq was published for zendframework/zendframework1 (Composer) Jun 7, 2024
TYPO3 Security Misconfiguration for Backend User Accounts High
GHSA-c5mj-39cf-3pp5 was published for typo3/cms (Composer) Jun 7, 2024
Authentication Bypass in TYPO3 CMS Moderate
GHSA-6xh8-8pfv-53vx was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 Security Misconfiguration for Backend User Accounts High
GHSA-rxc9-f2x6-qh4w was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 CMS Authentication Bypass vulnerability High
GHSA-x4rj-f7m6-42c3 was published for typo3/cms-core (Composer) May 30, 2024
Thelia authentication bypass vulnerability High
GHSA-g8pg-33v4-9r96 was published for thelia/thelia (Composer) May 30, 2024
Symfony may allow a user to switch to using another user's identity Moderate
GHSA-7mx2-7q8p-pgmw was published for symfony/symfony (Composer) May 30, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()` Moderate
GHSA-p5h2-vr99-xm99 was published for silverstripe/framework (Composer) May 27, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option High
GHSA-9phw-7h96-q3rv was published for scheb/two-factor-bundle (Composer) May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token High
GHSA-h6mp-mc7g-mg49 was published for scheb/two-factor-bundle (Composer) May 21, 2024
Mediawiki BotPassword can bypass CentralAuth's account lock Moderate
CVE-2018-0505 was published for mediawiki/core (Composer) May 13, 2022
Magento Broken authentication and session managememt Critical
CVE-2019-8149 was published for magento/community-edition (Composer) May 24, 2022
Magento Broken authentication and session managememt Moderate
CVE-2019-8108 was published for magento/community-edition (Composer) May 24, 2022
Contao Does Not Expire Tokens Correctly Critical
CVE-2019-10643 was published for contao/contao (Composer) May 13, 2022
Codiad Vulnerable to PHP Magic Hash Vulnerability High
CVE-2020-23355 was published for codiad/codiad (Composer) May 24, 2022
Symfony Authentication Bypass Critical
CVE-2018-11407 was published for symfony/security (Composer) May 14, 2022
TYPO3 Improper Session Invalidation Moderate
CVE-2014-3944 was published for typo3/cms (Composer) May 17, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability Critical
CVE-2017-8827 was published for genix/cms (Composer) May 17, 2022
ThinkAdmin Administrator cookies still working after password change Critical
CVE-2019-11018 was published for zoujingli/thinkadmin (Composer) May 13, 2022
Dolibarr allows password changes without supplying the current password Moderate
CVE-2017-8879 was published for dolibarr/dolibarr (Composer) May 13, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts Critical
CVE-2020-7995 was published for dolibarr/dolibarr (Composer) May 24, 2022
phpMyAdmin Improper Authentication High
CVE-2018-12613 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API