GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

48 advisories

Improper Privilege Management in Concrete CMS High
CVE-2021-22966 was published for concrete5/core (Composer) Nov 23, 2021
Privilege escalation in easyappointments High
CVE-2022-1397 was published for alextselegidis/easyappointments (Composer) May 11, 2022
Dolibarr vulnerable to privilege escalation Critical
CVE-2022-43138 was published for dolibarr/dolibarr (Composer) Nov 17, 2022
Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Privilege escalation in the Sulu Admin panel High
CVE-2021-43835 was published for sulu/sulu (Composer) Dec 15, 2021
AVideo vulnerable to Improper Privilege Management High
CVE-2020-23489 was published for wwbn/avideo (Composer) May 24, 2022
Company admin role gives excessive privileges in eZ Platform Ibexa High
CVE-2022-48365 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
Improper Privilege Management in Open Web Analytics Critical
CVE-2022-24637 was published for open-web-analytics/open-web-analytics (Composer) Mar 19, 2022
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management High
CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
baserCMS Access Control Bypass Moderate
CVE-2018-0573 was published for baserproject/basercms (Composer) May 13, 2022
Improper Privilege Management in Snipe-IT Moderate
CVE-2022-0579 was published for snipe/snipe-it (Composer) Feb 15, 2022
Improper Privilege Management in Snipe-IT High
CVE-2022-0611 was published for snipe/snipe-it (Composer) Feb 17, 2022
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
Dolibarr CRM allows Privilege Escalation Moderate
CVE-2020-14201 was published for dolibarr/dolibarr (Composer) May 24, 2022
Privilege Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Centreon Privilege Escalation Critical
CVE-2018-21025 was published for centreon/centreon (Composer) May 24, 2022
Moodle Improper Privilege Management Moderate
CVE-2017-7532 was published for moodle/moodle (Composer) May 13, 2022
PrestaShop allows users to uninstall modules from backoffice, even with low rights Moderate
CVE-2023-43663 was published for prestashop/prestashop (Composer) Sep 28, 2023
Improper Privilege Management in microweber High
CVE-2023-2240 was published for microweber/microweber (Composer) Apr 22, 2023
PrestaShop allows employee without any access rights to list all installed modules Moderate
CVE-2023-43664 was published for prestashop/prestashop (Composer) Sep 28, 2023
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5549 was published for moodle/moodle (Composer) Nov 9, 2023
Craft CMS Privilege Escalation Moderate
CVE-2024-21622 was published for craftcms/cms (Composer) Jan 3, 2024
Magento business logic error vulnerability Critical
CVE-2020-9630 was published for magento/community-edition (Composer) May 24, 2022
BaserCMS privilege escalation Moderate
CVE-2011-2674 was published for baserproject/basercms (Composer) May 13, 2022
Moodle Users could elevate their role when accessing the LTI tool on a provider site High
CVE-2019-3849 was published for moodle/moodle (Composer) May 13, 2022