GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

257 advisories

Pimcore Preview Documents are not restricted to logged in users anymore Moderate
CVE-2024-29197 was published for pimcore/pimcore (Composer) Mar 26, 2024
rliebi patryser
Storefront user can access history and most viewed data from matching back-office user with the same ID Moderate
CVE-2023-48296 was published for oro/customer-portal (Composer) Mar 25, 2024
Pinned entity creation form shows wrong data Moderate
CVE-2023-45824 was published for oro/platform (Composer) Mar 25, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler High
CVE-2024-25121 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader
TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme Moderate
CVE-2024-25120 was published for typo3/cms-core (Composer) Feb 13, 2024
sushiwushi bnf
TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key Moderate
CVE-2024-25119 was published for typo3/cms-core (Composer) Feb 13, 2024
bnf
TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords Moderate
CVE-2024-25118 was published for typo3/cms-core (Composer) Feb 13, 2024
lolli42 ohader
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter Moderate
CVE-2023-48714 was published for silverstripe/framework (Composer) Jan 23, 2024
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method High
CVE-2023-48122 was published for microweber/microweber (Composer) Dec 8, 2023
Test code in published microsoft-graph-beta package exposes phpinfo() Moderate
GHSA-7mc6-x925-7qvx was published for microsoft/microsoft-graph-beta (Composer) Dec 5, 2023
Test code in published microsoft-graph-core package exposes phpinfo() Moderate
CVE-2023-49283 was published for microsoft/microsoft-graph-core (Composer) Dec 5, 2023
Test code in published microsoft-graph package exposes phpinfo() Moderate
CVE-2023-49282 was published for microsoft/microsoft-graph (Composer) Dec 5, 2023
LibreNMS has Broken Access control on Graphs Feature Moderate
CVE-2023-48294 was published for librenms/librenms (Composer) Nov 17, 2023
rook1337
Information Disclosure in typo3/cms-install tool Low
CVE-2023-47126 was published for typo3/cms-install (Composer) Nov 14, 2023
liayn
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-5545 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Low
CVE-2023-5551 was published for moodle/moodle (Composer) Nov 9, 2023
Json response for search reveals Solr credentials Critical
GHSA-7crc-r3wg-cfgf was published for ezsystems/ezplatform-solr-search-engine (Composer) Nov 3, 2023
Json response for search reveals Solr credentials Critical
GHSA-v6xp-ccvx-w52m was published for ibexa/solr (Composer) Nov 3, 2023
MantisBT may disclose project names to unauthorized users Moderate
CVE-2023-44394 was published for mantisbt/mantisbt (Composer) Oct 17, 2023
Cache poisoning in drupal/core Critical
CVE-2023-5256 was published for drupal/core (Composer) Sep 28, 2023
westonsteimel
Pimcore Demo Allows GraphQL Introspection Moderate
CVE-2023-5192 was published for pimcore/demo (Composer) Sep 27, 2023
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
Information Disclosure due to Out-of-scope Site Resolution Low
CVE-2023-38499 was published for typo3/cms-core (Composer) Jul 25, 2023
fe-hicking ohader
bnf
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2023-3819 was published for pimcore/pimcore (Composer) Jul 21, 2023
dkarlovi
TeamPass information exposure vulnerability High
CVE-2023-3553 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023