GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
45 advisories
Filter by severity
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Low
CVE-2020-26231
was published
for
october/cms
(Composer)
Nov 23, 2020
Generation of fake documents via public GET-call
Low
GHSA-jvg4-9rc2-wvcr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Low
CVE-2023-22489
was published
for
flarum/core
(Composer)
Jan 10, 2023
snipe-it is vulnerable to Improper Access Control
Moderate
CVE-2021-4089
was published
for
snipe/snipe-it
(Composer)
Dec 16, 2021
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Moderate
CVE-2020-15247
was published
for
october/cms
(Composer)
Nov 23, 2020
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Moderate
CVE-2021-21264
was published
for
october/cms
(Composer)
May 4, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12700
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in TYPO3 extension
Moderate
CVE-2020-12698
was published
for
directmailteam/direct-mail
(Composer)
Jul 26, 2021
Missing Authorization in TeamPass
High
CVE-2020-11671
was published
for
nilsteampassnet/teampass
(Composer)
Jul 26, 2021
Missing Authorization in DayByDay CRM
High
CVE-2022-22111
was published
for
bottelet/flarepoint
(Composer)
Jan 8, 2022
Missing Authorization in DayByDay CRM
Moderate
CVE-2022-22108
was published
for
bottelet/flarepoint
(Composer)
Jan 8, 2022
Missing Authorization in DayByDay CRM
Moderate
CVE-2022-22107
was published
for
bottelet/flarepoint
(Composer)
Jan 8, 2022
Missing Authorization in Crater Invoice
Moderate
CVE-2022-0203
was published
for
bytefury/crater
(Composer)
Jan 27, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it
Moderate
CVE-2022-0179
was published
for
snipe/snipe-it
(Composer)
Jan 21, 2022
Improper Access Control in snipe/snipe-it
Moderate
CVE-2022-1511
was published
for
snipe/snipe-it
(Composer)
Apr 29, 2022
PrestaShop has potential Information exposure in the upload directory
Moderate
CVE-2022-46158
was published
for
prestashop/prestashop
(Composer)
Dec 8, 2022
Improper Access Control in snipe-it
Moderate
CVE-2022-0178
was published
for
snipe/snipe-it
(Composer)
Jan 26, 2022
Improper Privilege Management in Snipe-IT
Moderate
CVE-2022-0579
was published
for
snipe/snipe-it
(Composer)
Feb 15, 2022
Exposure of Sensitive Information to an Unauthorized Actor in librenms
Moderate
CVE-2022-0588
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Improper Privilege Management in Snipe-IT
High
CVE-2022-0611
was published
for
snipe/snipe-it
(Composer)
Feb 17, 2022
Access control issue in ezsystems/ezpublish-kernel
Critical
CVE-2022-48367
was published
for
ezsystems/ezpublish-kernel
(Composer)
Mar 12, 2023
Moodle incorrect access control
High
CVE-2020-25629
was published
for
moodle/moodle
(Composer)
May 24, 2022
Silverstripe Framework: Members with no password can be created and bypass custom login forms
Low
CVE-2023-32302
was published
for
silverstripe/framework
(Composer)
Jul 31, 2023
Dolibarr Improper Input Validation vulnerability
Moderate
CVE-2023-4198
was published
for
dolibarr/dolibarr
(Composer)
Nov 1, 2023
ProTip!
Advisories are also available from the
GraphQL API