GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
42 advisories
Filter by severity
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Moderate
CVE-2023-36238
was published
for
bagisto/bagisto
(Composer)
Mar 13, 2024
Moodle IDOR when deleting OAuth2 linked accounts
Moderate
CVE-2024-45690
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle IDOR when accessing list of course badges
Moderate
CVE-2024-48899
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2021-3991
was published
for
dolibarr/dolibarr
(Composer)
Nov 15, 2024
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
Moderate
CVE-2024-43438
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate
CVE-2024-43431
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
powermail TYPO3 extension has Insecure Direct Object Reference
Moderate
CVE-2024-47047
was published
for
in2code/powermail
(Composer)
Sep 17, 2024
IDOR vulnerability in account profile page
Moderate
CVE-2024-39319
was published
for
aimeos/ai-controller-frontend
(Composer)
Sep 26, 2024
"powermail" (powermail) Insecure Direct Object Reference (IDOR)
Moderate
CVE-2024-45232
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate
CVE-2024-38874
was published
for
jweiland/events2
(Composer)
Jun 21, 2024
EC-CUBE vulnerable to authorization bypass
Moderate
CVE-2014-0808
was published
for
ec-cube/ec-cube
(Composer)
May 17, 2022
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Moderate
GHSA-g4hp-pfvf-vm5w
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Moodle may allow authenticated users to enumerate other user's names via learning plans page
Moderate
CVE-2023-28334
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
Moderate
CVE-2018-16704
was published
for
gleez/cms
(Composer)
May 13, 2022
Magento Improper input validation vulnerability
High
CVE-2022-42344
was published
for
magento/community-edition
(Composer)
Oct 20, 2022
JetPack Exposure of Resource to Wrong Sphere
Moderate
CVE-2021-24374
was published
for
automattic/jetpack
(Composer)
May 24, 2022
Reportico affected by Incorrect Access Control
Moderate
CVE-2023-48865
was published
for
reportico-web/reportico
(Composer)
Apr 12, 2024
Authorization Bypass in moodle
Low
CVE-2024-25983
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
Magento 2 Community Edition IDOR Vulnerability
High
CVE-2019-7854
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition IDOR Vulnerability
Moderate
CVE-2019-7864
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition IDOR Vulnerability
High
CVE-2019-7890
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Access Control Bypass
High
CVE-2019-7950
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module
Moderate
CVE-2021-21022
was published
for
magento/community-edition
(Composer)
May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API