GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
86 advisories
Filter by severity
Incorrect access control in typo3_forum
Moderate
CVE-2020-15513
was published
for
mittwald/typo3_forum
(Composer)
Jul 29, 2020
Authenticated Privilege Escalation
Low
GHSA-5q58-x5h2-v5rx
was published
for
shopware/core
(Composer)
Dec 21, 2020
Improper Authorization in grumpydictator/firefly-iii
Moderate
CVE-2023-0298
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 14, 2023
Access Control vulnerability in Dolibarr
High
CVE-2021-37517
was published
for
dolibarr/dolibarr
(Composer)
Apr 1, 2022
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
Incorrect Authorization in thinkcmf
Moderate
CVE-2021-40616
was published
for
thinkcmf/thinkcmf
(Composer)
Jun 15, 2022
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2022-0731
was published
for
dolibarr/dolibarr
(Composer)
Feb 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32716
was published
for
shopware/platform
(Composer)
Sep 8, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4026
was published
for
ssddanbrown/bookstack
(Composer)
Dec 1, 2021
kimai2 is vulnerable to Improper Access Control
Moderate
CVE-2021-3992
was published
for
kevinpapst/kimai2
(Composer)
Dec 3, 2021
Missing authorization in Moodle
Moderate
CVE-2022-0984
was published
for
moodle/moodle
(Composer)
Apr 30, 2022
Incorrect Authorization in microweber
High
CVE-2022-1631
was published
for
microweber/microweber
(Composer)
May 10, 2022
Information Disclosure in TYPO3 extension sf_event_mgt
Moderate
CVE-2020-25026
was published
for
derhansen/sf_event_mgt
(Composer)
Sep 2, 2020
Local File Inclusion by unauthenticated users
High
CVE-2020-15246
was published
for
october/cms
(Composer)
Nov 23, 2020
Privilege escalation by backend users assigned to the default "Publisher" system role
Low
CVE-2020-15248
was published
for
october/backend
(Composer)
Nov 23, 2020
Improper Input Validation in Laravel
High
CVE-2020-24941
was published
for
laravel/framework
(Composer)
May 6, 2021
Incorrect Authorization in TeamPass
High
CVE-2020-12477
was published
for
nilsteampassnet/teampass
(Composer)
Jul 26, 2021
Improper Access Control in Dolibarr
Moderate
CVE-2021-25954
was published
for
dolibarr/dolibarr
(Composer)
Aug 11, 2021
Incorrect Authorization in TYPO3 extension
Moderate
CVE-2020-25025
was published
for
localizationteam/l10nmgr
(Composer)
Jul 26, 2021
Improper Access Control in Webauthn Framework
Critical
CVE-2021-38299
was published
for
web-auth/webauthn-framework
(Composer)
Sep 29, 2021
BuddyPress privilege escalation via REST API
High
CVE-2021-21389
was published
for
buddypress/buddypress
(Composer)
Oct 6, 2021
Incorrect Authorization in latte/latte
Critical
CVE-2021-23803
was published
for
latte/latte
(Composer)
Jan 6, 2022
Insufficient user authorization in Moodle
Moderate
CVE-2022-0334
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
Incorrect authorization in Drupal core
Moderate
CVE-2022-25270
was published
for
drupal/core
(Composer)
Feb 18, 2022
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
Critical
CVE-2022-0482
was published
for
alextselegidis/easyappointments
(Composer)
Mar 10, 2022
ProTip!
Advisories are also available from the
GraphQL API