Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

Loading
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
Authentication granted to all firewalls instead of just one Moderate
CVE-2021-32693 was published for symfony/security-http (Composer) Jun 21, 2021
gndk mynameisbogdan
pwarchol Warxcell wouterj adrienlamotte
Improper Authentication in phpmyadmin Moderate
CVE-2022-23807 was published for phpmyadmin/phpmyadmin (Composer) Jan 28, 2022
Incorrect Authentication in shopware Moderate
CVE-2022-24748 was published for shopware/core (Composer) Mar 10, 2022
Incorrect Access Control in ImpressCMS Moderate
CVE-2021-26598 was published for impresscms/impresscms (Composer) Mar 29, 2022
Improper Authentication in moodle Moderate
CVE-2022-0985 was published for moodle/moodle (Composer) Apr 30, 2022
Moodle creates a MoodleMobile web-service token with an infinite lifetime Moderate
CVE-2014-0214 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Authentication Bypass in File Upload Moderate
CVE-2012-3387 was published for moodle/moodle (Composer) May 13, 2022
Moodle Allows Unauthenticated Dropbox Access Moderate
CVE-2012-5471 was published for moodle/moodle (Composer) May 13, 2022
Moodle Users Can Bypass Deleted Status Moderate
CVE-2012-0797 was published for moodle/moodle (Composer) May 13, 2022
Mediawiki BotPassword can bypass CentralAuth's account lock Moderate
CVE-2018-0505 was published for mediawiki/core (Composer) May 13, 2022
Dolibarr allows password changes without supplying the current password Moderate
CVE-2017-8879 was published for dolibarr/dolibarr (Composer) May 13, 2022
Zend Access Restriction Bypass Moderate
CVE-2014-8088 was published for zendframework/zendframework (Composer) May 17, 2022
TYPO3 Improper Session Invalidation Moderate
CVE-2014-3944 was published for typo3/cms (Composer) May 17, 2022
Symfony Allows URI Restrictions Bypass Via Double-Encoded String Moderate
CVE-2012-6431 was published for symfony/http-foundation (Composer) May 17, 2022
Magento Broken authentication and session managememt Moderate
CVE-2019-8108 was published for magento/community-edition (Composer) May 24, 2022
Unpublished, protected files can be published via shortcode Moderate
CVE-2022-29858 was published for silverstripe/assets (Composer) Jun 29, 2022
TYPO3 CMS missing check for expiration time of password reset token for backend users Moderate
CVE-2022-36106 was published for typo3/cms (Composer) Sep 16, 2022
infabo
Snipe-IT vulnerable to Improper Authentication Moderate
CVE-2022-3173 was published for snipe/snipe-it (Composer) Sep 18, 2022
Moodle type juggling vulnerability Moderate
CVE-2021-40693 was published for moodle/moodle (Composer) Sep 30, 2022
Concrete CMS vulnerable to Improper Authentication Moderate
CVE-2022-43690 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login Moderate
CVE-2022-23501 was published for typo3/cms (Composer) Dec 13, 2022
derhansen
TYPO3 extension femanager Broken Access Control vulnerability Moderate
CVE-2023-45023 was published for in2code/femanager (Composer) Oct 4, 2023
pimcore/admin-ui-classic-bundle Unverified Password Change Moderate
CVE-2023-5844 was published for pimcore/admin-ui-classic-bundle (Composer) Oct 31, 2023
Th3l0newolf
TYPO3 vulnerable to Weak Authentication in Session Handling Moderate
CVE-2023-47127 was published for typo3/cms-core (Composer) Nov 14, 2023
dogawaf bnf
ohader
ProTip! Advisories are also available from the GraphQL API