Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,012
Erlang
29
GitHub Actions
16
Go
1,805
Maven
5,000+
npm
3,553
NuGet
630
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

25 advisories

Loading
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-5545 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5542 was published for moodle/moodle (Composer) Nov 9, 2023
MantisBT may disclose project names to unauthorized users Moderate
CVE-2023-44394 was published for mantisbt/mantisbt (Composer) Oct 17, 2023
Moodle may display roles to users who don't have access to them Moderate
CVE-2023-1402 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle may allow teachers to access the names of users they could not otherwise access Moderate
CVE-2023-28336 was published for moodle/moodle (Composer) Mar 23, 2023
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
Moodle No groups filtering in H5P activity attempts report Moderate
CVE-2022-40316 was published for moodle/moodle (Composer) Oct 1, 2022
Unauthenticated Sensitive Information Disclosure vulnerability Moderate
CVE-2022-34867 was published for libreform/libreform (Composer) Sep 7, 2022
Moodle Insecure direct object reference (IDOR) in a calendar web service Moderate
CVE-2021-43560 was published for moodle/moodle (Composer) May 24, 2022
JetPack Exposure of Resource to Wrong Sphere Moderate
CVE-2021-24374 was published for automattic/jetpack (Composer) May 24, 2022
Dolibarr Stored Cross-site Scripting Moderate
CVE-2020-13240 was published for dolibarr/dolibarr (Composer) May 24, 2022
Moodle Unauthorized searching of arbitrary blogs by typing full url Moderate
CVE-2017-7490 was published for moodle/moodle (Composer) May 13, 2022
Exposure of Resource to Wrong Sphere in ThinkPHP Framework High
CVE-2022-25481 was published for topthink/framework (Composer) Mar 22, 2022
Sensitive Information Exposure in Sylius Moderate
CVE-2022-24742 was published for sylius/sylius (Composer) Mar 14, 2022
HTTP caching is marking private HTTP headers as public in Shopware Moderate
CVE-2022-24747 was published for shopware/core (Composer) Mar 10, 2022
UlrichThomasGabor
Exposure of Resource to Wrong Sphere in microweber Moderate
CVE-2022-0762 was published for microweber/microweber (Composer) Feb 27, 2022
Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel Moderate
CVE-2022-25336 was published for ezsystems/ezplatform-kernel (Composer) Feb 19, 2022
Exposure of Resource to Wrong Sphere in Drupal Core High
CVE-2020-13670 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Insufficient user authorization in Moodle Moderate
CVE-2022-0334 was published for moodle/moodle (Composer) Jan 28, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
CSRF token exposure in TYPO3 extension Moderate
CVE-2021-36793 was published for lms/routes (Composer) Sep 2, 2021
Exposed phpinfo() leadked via documentation files Moderate
CVE-2021-37704 was published for phpfastcache/phpfastcache (Composer) Aug 30, 2021
Geolim4
After order payment process manipulation in shopware/platform and shopware/core Critical
GHSA-88rc-3p98-rgvx was published for shopware/core (Composer) Apr 13, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core Critical
GHSA-qg7c-q3vq-rgxr was published for shopware/core (Composer) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API