GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,872
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,951
npm
3,481
NuGet
605
pip
3,047
Pub
10
RubyGems
832
Rust
777
Swift
34
Unreviewed advisories
All unreviewed
5,000+
217 advisories
Filter by severity
Fix failure to strip Authorization header on HTTP downgrade
High
CVE-2022-31043
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Cross-domain cookie leakage in Guzzle
High
CVE-2022-29248
was published
for
guzzlehttp/guzzle
(Composer)
May 25, 2022
Magento Information Disclosure vulnerability
Low
CVE-2021-28566
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento information disclosure vulnerability
Low
CVE-2020-24406
was published
for
magento/community-edition
(Composer)
May 24, 2022
Microweber Discloses Sensitive Information
High
CVE-2020-13405
was published
for
microweber/microweber
(Composer)
May 24, 2022
Silverstripe CMS information disclosure
High
CVE-2020-6164
was published
for
silverstripe/cms
(Composer)
May 24, 2022
Magento defense-in-depth security mitigation vulnerability
High
CVE-2020-9591
was published
for
magento/community-edition
(Composer)
May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
Gravity Forms plugin leak hashed passwords
High
CVE-2020-13764
was published
for
wp-premium/gravityforms
(Composer)
May 24, 2022
Centreon Sensitive Data Exposure vulnerability
Moderate
CVE-2020-10945
was published
for
centreon/centreon
(Composer)
May 24, 2022
Froxlor Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2020-10237
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
direct_mail for Typo3 sensitive data exposure
Moderate
CVE-2019-16698
was published
for
directmailteam/direct-mail
(Composer)
May 24, 2022
MediaWiki information disclosure
Moderate
CVE-2019-16738
was published
for
mediawiki/core
(Composer)
May 24, 2022
Magento 2 Community Edition Information Leak
High
CVE-2019-7951
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Information Disclosure
Moderate
CVE-2019-7929
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Information Disclosure
Moderate
CVE-2019-7888
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Path Disclosure
Moderate
CVE-2019-7852
was published
for
magento/community-edition
(Composer)
May 24, 2022
Wikimedia information leak vulnerability
High
CVE-2019-12474
was published
for
mediawiki/core
(Composer)
May 24, 2022
Exposure of Sensitive Information in moodle
Moderate
CVE-2022-30598
was published
for
moodle/moodle
(Composer)
May 19, 2022
DCE extension for Typo3 Discloses Environment Information
Moderate
CVE-2014-8328
was published
for
t3/dce
(Composer)
May 17, 2022
DOMPDF Information Disclosure
Moderate
CVE-2014-5011
was published
for
dompdf/dompdf
(Composer)
May 17, 2022
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Moderate
CVE-2011-3712
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
Zend Framework XXE Vulnerability
Moderate
CVE-2012-5657
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
Typo3 Information Disclosure
Moderate
CVE-2014-3946
was published
for
typo3/cms
(Composer)
May 17, 2022
Drupal sensitive information disclosure
Moderate
CVE-2016-3170
was published
for
drupal/core
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API