Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
RaspAP allows an attacker to escalate privileges Critical
CVE-2024-41637 was published for billz/raspap-webgui (Composer) Jul 29, 2024
Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
Privilege Escalation in TYPO3 CMS Moderate
GHSA-v5jp-4h2p-j2p4 was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts High
GHSA-4r76-xr68-w7m7 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Broken Access Control in Localization Handling Moderate
GHSA-9rx9-7fmh-gj3g was published for typo3/cms-core (Composer) May 30, 2024
Mediawiki Improper Privilege Management Moderate
CVE-2018-0503 was published for mediawiki/core (Composer) May 13, 2022
Grav Vulnerable to Arbitrary File Read to Account Takeover High
CVE-2024-34082 was published for getgrav/grav (Composer) May 15, 2024
richighimi
Drupal Saving user accounts can sometimes grant the user all roles High
CVE-2016-6211 was published for drupal/core (Composer) May 17, 2022
bbPress unauthenticated privilege-escalation Critical
CVE-2020-13693 was published for bbpress/bbpress (Composer) May 24, 2022
EC-CUBE Improper access control vulnerability High
CVE-2021-20778 was published for ec-cube/ec-cube (Composer) May 24, 2022
BuddyPress Docs plugin Improper Privilege Management Moderate
CVE-2017-6954 was published for buddypress/buddypress (Composer) May 13, 2022
TeamPass Improper Privilege Management Moderate
CVE-2017-15052 was published for nilsteampassnet/teampass (Composer) May 13, 2022
TeamPass Improper Privilege Management Moderate
CVE-2017-15053 was published for nilsteampassnet/teampass (Composer) May 13, 2022
TeamPass Improper Privilege Management High
CVE-2017-15055 was published for nilsteampassnet/teampass (Composer) May 13, 2022
phpMyAdmin Improper Privilege Management Critical
CVE-2017-18264 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
CodeIgniter Improper Privilege Management High
CVE-2020-10793 was published for codeigniter4/framework (Composer) May 24, 2022
Moodle External blog editing takeover Moderate
CVE-2017-7489 was published for moodle/moodle (Composer) May 13, 2022
Moodle Improper Privilege Management Moderate
CVE-2018-1134 was published for moodle/moodle (Composer) May 13, 2022
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit Moderate
CVE-2016-7570 was published for drupal/core (Composer) May 17, 2022
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions Critical
CVE-2017-6925 was published for drupal/core (Composer) May 13, 2022
Drupal REST API can bypass comment approval High
CVE-2017-6924 was published for drupal/core (Composer) May 13, 2022
Drupal saving user accounts can sometimes grant the user all roles High
CVE-2016-3169 was published for drupal/core (Composer) May 17, 2022
Privilege escalation via form generator High
CVE-2021-37627 was published for contao/contao (Composer) Aug 23, 2021
ausi
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
UVDesk Community Helpdesk Improper Privilege Management High
CVE-2024-3137 was published for uvdesk/core-framework (Composer) Apr 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database