Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,482
NuGet
605
pip
3,050
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21 advisories

TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts High
GHSA-4r76-xr68-w7m7 was published for typo3/cms (Composer) May 30, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover High
CVE-2024-34082 was published for getgrav/grav (Composer) May 15, 2024
richighimi
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
UVDesk Community Helpdesk Improper Privilege Management High
CVE-2024-3137 was published for uvdesk/core-framework (Composer) Apr 2, 2024
Improper Privilege Management in microweber High
CVE-2023-2240 was published for microweber/microweber (Composer) Apr 22, 2023
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management High
CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Company admin role gives excessive privileges in eZ Platform Ibexa High
CVE-2022-48365 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
EC-CUBE Improper access control vulnerability High
CVE-2021-20778 was published for ec-cube/ec-cube (Composer) May 24, 2022
AVideo vulnerable to Improper Privilege Management High
CVE-2020-23489 was published for wwbn/avideo (Composer) May 24, 2022
CodeIgniter Improper Privilege Management High
CVE-2020-10793 was published for codeigniter4/framework (Composer) May 24, 2022
Drupal saving user accounts can sometimes grant the user all roles High
CVE-2016-3169 was published for drupal/core (Composer) May 17, 2022
Drupal Saving user accounts can sometimes grant the user all roles High
CVE-2016-6211 was published for drupal/core (Composer) May 17, 2022
TeamPass Improper Privilege Management High
CVE-2017-15055 was published for nilsteampassnet/teampass (Composer) May 13, 2022
Drupal REST API can bypass comment approval High
CVE-2017-6924 was published for drupal/core (Composer) May 13, 2022
Moodle Users could elevate their role when accessing the LTI tool on a provider site High
CVE-2019-3849 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Privilege escalation in easyappointments High
CVE-2022-1397 was published for alextselegidis/easyappointments (Composer) May 11, 2022
Improper Privilege Management in Snipe-IT High
CVE-2022-0611 was published for snipe/snipe-it (Composer) Feb 17, 2022
Privilege escalation in the Sulu Admin panel High
CVE-2021-43835 was published for sulu/sulu (Composer) Dec 15, 2021
Improper Privilege Management in Concrete CMS High
CVE-2021-22966 was published for concrete5/core (Composer) Nov 23, 2021
Privilege escalation via form generator High
CVE-2021-37627 was published for contao/contao (Composer) Aug 23, 2021
ausi
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
ProTip! Advisories are also available from the GraphQL API