Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

222 advisories

DOMPDF Information Disclosure Moderate
CVE-2014-5011 was published for dompdf/dompdf (Composer) May 17, 2022
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
Zend Framework XXE Vulnerability Moderate
CVE-2012-5657 was published for zendframework/zendframework1 (Composer) May 17, 2022
Typo3 Information Disclosure Moderate
CVE-2014-3946 was published for typo3/cms (Composer) May 17, 2022
Drupal sensitive information disclosure Moderate
CVE-2016-3170 was published for drupal/core (Composer) May 17, 2022
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component Moderate
CVE-2013-7073 was published for typo3/cms (Composer) May 17, 2022
Drupal Views can allow unauthorized users to see Statistics information Moderate
CVE-2016-6212 was published for drupal/core (Composer) May 17, 2022
phpMyAdmin ReCaptcha bypass Moderate
CVE-2015-6830 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Drupal sensitive information disclosure Moderate
CVE-2016-9449 was published for drupal/core (Composer) May 17, 2022
Moodle Glossary search displays entries without checking user permissions to view them Moderate
CVE-2016-5012 was published for moodle/moodle (Composer) May 17, 2022
phpMyAdmin Local file exposure Moderate
CVE-2016-6612 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin Local file exposure through symlinks with UploadDir Moderate
CVE-2016-6613 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin allows to detect if user is logged in Moderate
CVE-2016-6625 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin path disclosure Moderate
CVE-2016-9853 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Moodle Global search displays user names for unauthenticated users Moderate
CVE-2017-2643 was published for moodle/moodle (Composer) May 17, 2022
Moodle User fullname disclosure on user preferences page Moderate
CVE-2017-2642 was published for moodle/moodle (Composer) May 17, 2022
TYPO3 Sensitive Information Disclosure via escapeStrForLike method Moderate
CVE-2010-5104 was published for typo3/cms-core (Composer) May 17, 2022
phpMyAdmin vulnerable to XML external entity (XXE) injection attack Moderate
CVE-2011-4107 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Typo3 Backend Configuration XSS Vulnerability Low
CVE-2012-3529 was published for typo3/cms (Composer) May 17, 2022
SimpleSAMLphp Unauthenticated encryption in CBC mode Moderate
CVE-2017-12870 was published for simplesamlphp/simplesamlphp (Composer) May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure High
CVE-2017-14240 was published for dolibarr/dolibarr (Composer) May 17, 2022
Fastly Magento2 sensitive information disclosure Moderate
CVE-2017-13761 was published for fastly/magento2 (Composer) May 17, 2022
Moodle sensitive information disclosure Moderate
CVE-2017-12157 was published for moodle/moodle (Composer) May 17, 2022
Laravel Sensitive Data Exposure Moderate
CVE-2017-14775 was published for illuminate/auth (Composer) May 17, 2022
G-Rath
Silverstripe CMS User Enumeration Moderate
CVE-2017-12849 was published for silverstripe/cms (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API