Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24 advisories

Loading
Local File Inclusion by unauthenticated users High
CVE-2020-15246 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Improper Input Validation in Laravel High
CVE-2020-24941 was published for laravel/framework (Composer) May 6, 2021
Incorrect Authorization in TeamPass High
CVE-2020-12477 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
BuddyPress privilege escalation via REST API High
CVE-2021-21389 was published for buddypress/buddypress (Composer) Oct 6, 2021
Drupal core access bypass vulnerability High
CVE-2020-13677 was published for drupal/core (Composer) Feb 12, 2022
Improper Access Control in librenms High
CVE-2022-0580 was published for librenms/librenms (Composer) Feb 16, 2022
Access Control vulnerability in Dolibarr High
CVE-2021-37517 was published for dolibarr/dolibarr (Composer) Apr 1, 2022
Incorrect Authorization in microweber High
CVE-2022-1631 was published for microweber/microweber (Composer) May 10, 2022
Drupal editor module incorrectly checks access to inline private files High
CVE-2017-6377 was published for drupal/core (Composer) May 13, 2022
phpBB 3.0.7 allows remote attackers to bypass intended access restrictions High
CVE-2010-1627 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
Incorrect Authorization in Dolibarr High
CVE-2020-12669 was published for dolibarr/dolibarr (Composer) May 24, 2022
Magento authorization bypass vulnerability High
CVE-2020-9587 was published for magento/community-edition (Composer) May 24, 2022
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell
Magento Improper Authorization vulnerability High
CVE-2022-34256 was published for magento/community-edition (Composer) Aug 17, 2022
Magento Improper Access Control vulnerability High
CVE-2022-34255 was published for magento/community-edition (Composer) Aug 17, 2022
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
api-platform/core's secured properties may be accessible within collections High
CVE-2023-25575 was published for api-platform/core (Composer) Feb 28, 2023
Toflar soyuka
Field injection in the KirbyData text storage handler High
CVE-2023-38488 was published for getkirby/cms (Composer) Jul 28, 2023
dapatrese
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
Silverstripe SiteTree Creation Permission Vulnerability High
GHSA-3mm9-2p44-rw39 was published for silverstripe/cms (Composer) May 22, 2024
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account High
CVE-2024-39323 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131
Kirby has insufficient permission checks in the language settings High
CVE-2024-41964 was published for getkirby/cms (Composer) Aug 29, 2024
SebastianEberlein-JUNO
Magento Open Source Improper Authorization vulnerability High
CVE-2024-45132 was published for magento/community-edition (Composer) Oct 10, 2024
ProTip! Advisories are also available from the GraphQL API