GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
222 advisories
Filter by severity
Typo3 Information Disclosure
Moderate
CVE-2011-4627
was published
for
typo3/cms
(Composer)
Apr 22, 2022
TYPO3 is vulnerable to Information Disclosure in the HTML mailing API
Moderate
CVE-2010-3673
was published
for
typo3/cms-core
(Composer)
Apr 21, 2022
TYPO3 is vulnerable to Information Disclosure on the backend
Moderate
CVE-2010-3664
was published
for
typo3/cms-backend
(Composer)
Apr 21, 2022
Discoverability of user password hash in Statamic CMS
Low
CVE-2022-24784
was published
for
statamic/cms
(Composer)
Mar 29, 2022
Twig Sandbox Information Disclosure
Low
CVE-2019-9942
was published
for
twig/twig
(Composer)
Mar 26, 2022
Sensitive Information Exposure in Sylius
Moderate
CVE-2022-24742
was published
for
sylius/sylius
(Composer)
Mar 14, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32472
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Moodle Information Disclosure vulnerability
Moderate
CVE-2021-32473
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32477
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin
High
CVE-2022-0813
was published
for
phpmyadmin/phpmyadmin
(Composer)
Mar 11, 2022
HTTP caching is marking private HTTP headers as public in Shopware
Moderate
CVE-2022-24747
was published
for
shopware/core
(Composer)
Mar 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in librenms
Moderate
CVE-2022-0588
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Exposure of Sensitive Information in snipe/snipe-it
Moderate
CVE-2022-0569
was published
for
snipe/snipe-it
(Composer)
Feb 15, 2022
Exposure of Sensitive Information to an Unauthorized Actor in pimcore
Moderate
CVE-2022-0565
was published
for
pimcore/pimcore
(Composer)
Feb 15, 2022
Exposure of Sensitive Information to an Unauthorized Actor in microweber
High
CVE-2022-0281
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Password exposure in concrete5/core
Moderate
CVE-2021-22951
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Exposure of sensitive information in concrete5/core
Moderate
CVE-2021-22967
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Unrestricted access to predictable file paths in hov/jobfair
High
CVE-2021-43564
was published
for
hov/jobfair
(Composer)
Nov 15, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
Moderate
CVE-2020-25703
was published
for
moodle/moodle
(Composer)
Oct 21, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
High
CVE-2021-41120
was published
for
sylius/paypal-plugin
(Composer)
Oct 6, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-2rh5-jvgx-pgw3
was published
for
ezsystems/ezplatform
(Composer)
Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-gqcf-83rq-gpfr
was published
for
ibexa/post-install
(Composer)
Sep 14, 2021
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32716
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Critical
CVE-2021-32711
was published
for
shopware/platform
(Composer)
Sep 8, 2021
ProTip!
Advisories are also available from the
GraphQL API