Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,046
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,596
NuGet
636
pip
3,182
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Craft CMS Allows TOTP Token To Stay Valid After Use Moderate
CVE-2024-41800 was published for craftcms/cms (Composer) Jul 25, 2024
FabianTUW
Firefly III has a MFA bypass in oauth flow Moderate
CVE-2024-37893 was published for grumpydictator/firefly-iii (Composer) Jun 17, 2024
Skelmis
Improper Authentication in CraftCMS two factor authentication plugin Moderate
CVE-2024-5658 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
Authentication Bypass in TYPO3 CMS Moderate
GHSA-6xh8-8pfv-53vx was published for typo3/cms (Composer) Jun 5, 2024
Symfony may allow a user to switch to using another user's identity Moderate
GHSA-7mx2-7q8p-pgmw was published for symfony/symfony (Composer) May 30, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()` Moderate
GHSA-p5h2-vr99-xm99 was published for silverstripe/framework (Composer) May 27, 2024
Mediawiki BotPassword can bypass CentralAuth's account lock Moderate
CVE-2018-0505 was published for mediawiki/core (Composer) May 13, 2022
Magento Broken authentication and session managememt Moderate
CVE-2019-8108 was published for magento/community-edition (Composer) May 24, 2022
TYPO3 Improper Session Invalidation Moderate
CVE-2014-3944 was published for typo3/cms (Composer) May 17, 2022
Dolibarr allows password changes without supplying the current password Moderate
CVE-2017-8879 was published for dolibarr/dolibarr (Composer) May 13, 2022
Moodle type juggling vulnerability Moderate
CVE-2021-40693 was published for moodle/moodle (Composer) Sep 30, 2022
Zend Access Restriction Bypass Moderate
CVE-2014-8088 was published for zendframework/zendframework (Composer) May 17, 2022
Improper Authentication in phpmyadmin Moderate
CVE-2022-23807 was published for phpmyadmin/phpmyadmin (Composer) Jan 28, 2022
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
Symfony Allows URI Restrictions Bypass Via Double-Encoded String Moderate
CVE-2012-6431 was published for symfony/http-foundation (Composer) May 17, 2022
Authentication granted to all firewalls instead of just one Moderate
CVE-2021-32693 was published for symfony/security-http (Composer) Jun 21, 2021
gndk mynameisbogdan
pwarchol Warxcell wouterj adrienlamotte
Moodle creates a MoodleMobile web-service token with an infinite lifetime Moderate
CVE-2014-0214 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Users Can Bypass Deleted Status Moderate
CVE-2012-0797 was published for moodle/moodle (Composer) May 13, 2022
Moodle Allows Unauthenticated Dropbox Access Moderate
CVE-2012-5471 was published for moodle/moodle (Composer) May 13, 2022
Moodle Authentication Bypass in File Upload Moderate
CVE-2012-3387 was published for moodle/moodle (Composer) May 13, 2022
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable Moderate
CVE-2023-50714 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023
rhertogh
TYPO3 vulnerable to Weak Authentication in Session Handling Moderate
CVE-2023-47127 was published for typo3/cms-core (Composer) Nov 14, 2023
dogawaf bnf
ohader
pimcore/admin-ui-classic-bundle Unverified Password Change Moderate
CVE-2023-5844 was published for pimcore/admin-ui-classic-bundle (Composer) Oct 31, 2023
Th3l0newolf
TYPO3 extension femanager Broken Access Control vulnerability Moderate
CVE-2023-45023 was published for in2code/femanager (Composer) Oct 4, 2023
Improper Authentication in moodle Moderate
CVE-2022-0985 was published for moodle/moodle (Composer) Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API