GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
222 advisories
Filter by severity
DOMPDF Information Disclosure
Moderate
CVE-2014-5011
was published
for
dompdf/dompdf
(Composer)
May 17, 2022
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Moderate
CVE-2011-3712
was published
for
cakephp/cakephp
(Composer)
May 17, 2022
Zend Framework XXE Vulnerability
Moderate
CVE-2012-5657
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
Typo3 Information Disclosure
Moderate
CVE-2014-3946
was published
for
typo3/cms
(Composer)
May 17, 2022
Drupal sensitive information disclosure
Moderate
CVE-2016-3170
was published
for
drupal/core
(Composer)
May 17, 2022
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
Moderate
CVE-2013-7073
was published
for
typo3/cms
(Composer)
May 17, 2022
Drupal Views can allow unauthorized users to see Statistics information
Moderate
CVE-2016-6212
was published
for
drupal/core
(Composer)
May 17, 2022
phpMyAdmin ReCaptcha bypass
Moderate
CVE-2015-6830
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Drupal sensitive information disclosure
Moderate
CVE-2016-9449
was published
for
drupal/core
(Composer)
May 17, 2022
Moodle Glossary search displays entries without checking user permissions to view them
Moderate
CVE-2016-5012
was published
for
moodle/moodle
(Composer)
May 17, 2022
phpMyAdmin Local file exposure
Moderate
CVE-2016-6612
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
phpMyAdmin Local file exposure through symlinks with UploadDir
Moderate
CVE-2016-6613
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
phpMyAdmin allows to detect if user is logged in
Moderate
CVE-2016-6625
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
phpMyAdmin path disclosure
Moderate
CVE-2016-9853
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Moodle Global search displays user names for unauthenticated users
Moderate
CVE-2017-2643
was published
for
moodle/moodle
(Composer)
May 17, 2022
Moodle User fullname disclosure on user preferences page
Moderate
CVE-2017-2642
was published
for
moodle/moodle
(Composer)
May 17, 2022
TYPO3 Sensitive Information Disclosure via escapeStrForLike method
Moderate
CVE-2010-5104
was published
for
typo3/cms-core
(Composer)
May 17, 2022
phpMyAdmin vulnerable to XML external entity (XXE) injection attack
Moderate
CVE-2011-4107
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Typo3 Backend Configuration XSS Vulnerability
Low
CVE-2012-3529
was published
for
typo3/cms
(Composer)
May 17, 2022
SimpleSAMLphp Unauthenticated encryption in CBC mode
Moderate
CVE-2017-12870
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure
High
CVE-2017-14240
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Fastly Magento2 sensitive information disclosure
Moderate
CVE-2017-13761
was published
for
fastly/magento2
(Composer)
May 17, 2022
Moodle sensitive information disclosure
Moderate
CVE-2017-12157
was published
for
moodle/moodle
(Composer)
May 17, 2022
Laravel Sensitive Data Exposure
Moderate
CVE-2017-14775
was published
for
illuminate/auth
(Composer)
May 17, 2022
Silverstripe CMS User Enumeration
Moderate
CVE-2017-12849
was published
for
silverstripe/cms
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API