GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
217 advisories
Information Disclosure due to Out-of-scope Site Resolution
Low: CVE-2023-38499 was published for typo3/cms-core (Composer) on Jul 25, 2023
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
High: CVE-2023-3819 was published for pimcore/pimcore (Composer) on Jul 21, 2023
TeamPass information exposure vulnerability
High: CVE-2023-3553 was published for nilsteampassnet/teampass (Composer) on Jul 8, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
High: CVE-2023-37260 was published for league/oauth2-server (Composer) on Jul 6, 2023
Shopware dependency configuration exposed
Moderate: CVE-2023-34098 was published for shopware/shopware (Composer) on Jun 28, 2023
Dolibarr vulnerable to unauthenticated database access
High: CVE-2023-33568 was published for dolibarr/dolibarr (Composer) on Jun 13, 2023
Moodle may display roles to users who don't have access to them
Moderate: CVE-2023-1402 was published for moodle/moodle (Composer) on Mar 23, 2023
Moodle may allow authenticated users to enumerate other user's names via learning plans page
Moderate: CVE-2023-28334 was published for moodle/moodle (Composer) on Mar 23, 2023
Moodle may allow teachers to access the names of users they could not otherwise access
Moderate: CVE-2023-28336 was published for moodle/moodle (Composer) on Mar 23, 2023
RosarioSIS Improper Access Control vulnerability
High: CVE-2023-0994 was published for francoisjacquet/rosariosis (Composer) on Feb 24, 2023
MantisBT may expose private issues' summaries to unauthorized users
Moderate: CVE-2023-22476 was published for mantisbt/mantisbt (Composer) on Feb 23, 2023
Codiad information disclosure vulnerability
High: CVE-2017-20178 was published for codiad/codiad (Composer) on Feb 21, 2023
Pixelfed allows user enumeration via reset password functionality
Moderate: CVE-2023-0901 was published for pixelfed/pixelfed (Composer) on Feb 18, 2023
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Moderate: CVE-2022-23504 was published for typo3/cms (Composer) on Dec 13, 2022
PrestaShop has potential Information exposure in the upload directory
Moderate: CVE-2022-46158 was published for prestashop/prestashop (Composer) on Dec 8, 2022
Craft CMS discloses password hashes
High: CVE-2022-37783 was published for craftcms/cms (Composer) on Dec 5, 2022
ezplatform-graphql GraphQL queries can expose password hashes
High: CVE-2022-41876 was published for ezsystems/ezplatform-graphql (Composer) on Nov 10, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate: CVE-2021-40695 was published for moodle/moodle (Composer) on Sep 30, 2022
Shopware contains sensitive data in backend customer module
Moderate: CVE-2022-36101 was published for shopware/shopware (Composer) on Sep 16, 2022
Unauthenticated Sensitive Information Disclosure vulnerability
Moderate: CVE-2022-34867 was published for libreform/libreform (Composer) on Sep 7, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0
High: CVE-2022-31140 was published for cuyz/valinor (Composer) on Jul 12, 2022
Change in port should be considered a change in origin
High: CVE-2022-31091 was published for guzzlehttp/guzzle (Composer) on Jun 21, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin
High: CVE-2022-31090 was published for guzzlehttp/guzzle (Composer) on Jun 21, 2022
Information Disclosure via Export Module
Moderate: CVE-2022-31046 was published for typo3/cms (Composer) on Jun 17, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade
High: CVE-2022-31042 was published for guzzlehttp/guzzle (Composer) on Jun 9, 2022