Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,488
Maven
5,000+
npm
4,104
NuGet
735
pip
3,923
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

174 advisories

Loading
Contao can disclose sensitive information in the news module Moderate
CVE-2025-57757 was published for contao/contao (Composer) Aug 28, 2025
fritzmg
Contao discloses sensitive information in the front end search index Moderate
CVE-2025-57756 was published for contao/contao (Composer) Aug 28, 2025
fritzmg
MantisBT may disclose project names to unauthorized users Moderate
CVE-2023-44394 was published for mantisbt/mantisbt (Composer) Oct 17, 2023
Moodle sensitive information disclosure Moderate
CVE-2015-5340 was published for moodle/moodle (Composer) May 13, 2022
decsecre583
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz dregad
Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2013-4522 was published for moodle/moodle (Composer) May 13, 2022
AnonySE26
Moodle reveals student identities through assignment submissions search on anonymous submissions Moderate
CVE-2025-3628 was published for moodle/moodle (Composer) Apr 25, 2025
Typo3 Information Disclosure Moderate
CVE-2014-3946 was published for typo3/cms (Composer) May 17, 2022
Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords Moderate
CVE-2012-5890 was published for sjbr/sr-feuser-register (Composer) May 17, 2022
TYPO3 allows remote attackers to obtain the database name via a direct request Moderate
CVE-2012-1607 was published for typo3/cms (Composer) May 17, 2022
Moodle does not use the forceloginforprofiles setting for course-profiles access control Moderate
CVE-2011-4279 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows remote attackers to obtain sensitive information from myprofile block by visiting user-context page Moderate
CVE-2011-4284 was published for moodle/moodle (Composer) May 13, 2022
Moodle does not recogniz configuration setting that makes e-mail addresses visible only to course members Moderate
CVE-2011-4289 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows remote attackers to obtain sensitive information Moderate
CVE-2011-4283 was published for moodle/moodle (Composer) May 13, 2022
TYPO3 Simple Download-System with Counter and Categories Vulnerable to Information Disclosure Moderate
CVE-2009-4160 was published for jweiland/kk-downloader (Composer) May 2, 2022
TYPO3 leaks a hash secret in an error message Moderate
CVE-2009-0815 was published for typo3/cms (Composer) May 2, 2022
Moodle Authenticated LFI risk in some misconfigured shared hosting environments Moderate
CVE-2024-34004 was published for moodle/moodle (Composer) May 31, 2024
Magento Open Source allows Information Exposure Moderate
CVE-2023-29287 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Information Exposure vulnerability Moderate
CVE-2025-24408 was published for magento/community-edition (Composer) Feb 11, 2025
MongoDB Driver may publish events containing authentication-related data Moderate
CVE-2021-32050 was published for github.com/mongodb/mongo-swift-driver (Composer) Aug 29, 2023
Browsershot Improper Input Validation vulnerability Moderate
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Moodle IDOR when accessing list of badge recipients Moderate
CVE-2024-48900 was published for moodle/moodle (Composer) Nov 13, 2024
img_auth.php may leak private extension images into the public cache Moderate
CVE-2020-15005 was published for mediawiki/core (Composer) May 24, 2022
Rudloff
HTML Purifier allows remote attackers to obtain sensitive information Moderate
CVE-2011-3744 was published for ezyang/htmlpurifier (Composer) May 17, 2022
Rudloff
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration Moderate
CVE-2022-23504 was published for typo3/cms (Composer) Dec 13, 2022
ohader darth-hader
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database