Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

48 advisories

Loading
Withdrawn Advisory: Symfony http-security has authentication bypass Moderate
CVE-2024-36611 was published for symfony/security-http (Composer) Nov 29, 2024 withdrawn
jderusse
moodle: IDOR in edit/delete RSS feed Moderate
CVE-2024-48897 was published for moodle/moodle (Composer) Nov 18, 2024
moodle: IDOR when fetching report schedules Moderate
CVE-2024-48901 was published for moodle/moodle (Composer) Nov 18, 2024
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users Moderate
CVE-2024-43438 was published for moodle/moodle (Composer) Nov 7, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-45125 was published for magento/community-edition (Composer) Oct 10, 2024
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records Moderate
CVE-2024-39322 was published for aimeos/ai-admin-jsonadm (Composer) Jul 2, 2024
ssshah2131
Magento Open Source Incorrect Authorization vulnerability Moderate
CVE-2024-34106 was published for magento/community-edition (Composer) Jun 13, 2024
TYPO3 Broken Access Control in Import Module Moderate
GHSA-g776-759r-pf6x was published for typo3/cms-core (Composer) May 30, 2024
Sulu grants access to pages regardless of role permissions Moderate
CVE-2024-27915 was published for sulu/sulu (Composer) Mar 4, 2024
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes Moderate
CVE-2024-22208 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
PinkDraconian
No permission checks for editing/deleting records with CSV import form Moderate
CVE-2023-49783 was published for silverstripe/admin (Composer) Jan 23, 2024
GuySartorelli
View permissions are bypassed for paginated lists of ORM data Moderate
CVE-2023-44401 was published for silverstripe/graphql (Composer) Jan 23, 2024
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller Moderate
CVE-2023-3574 was published for pimcore/customer-management-framework-bundle (Composer) Jul 10, 2023
aqngoc
Access bypass in Drupal core Moderate
CVE-2022-25274 was published for drupal/core (Composer) Apr 26, 2023
Improper Authorization in grumpydictator/firefly-iii Moderate
CVE-2023-0298 was published for grumpydictator/firefly-iii (Composer) Jan 14, 2023
Moodle Incorrect Authorization Moderate
CVE-2021-40692 was published for moodle/moodle (Composer) Sep 30, 2022
Incorrect Authorization in thinkcmf Moderate
CVE-2021-40616 was published for thinkcmf/thinkcmf (Composer) Jun 15, 2022
Magento Improper Authorization vulnerability in the customers module Moderate
CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
Moodle Bypass email verification secret when confirming account registration Moderate
CVE-2021-20282 was published for moodle/moodle (Composer) May 24, 2022
Missing permission check in Moodle Moderate
CVE-2021-20283 was published for moodle/moodle (Composer) May 24, 2022
WooCommerce Incorrect Authorization Moderate
CVE-2020-29156 was published for woocommerce/woocommerce (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API