GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

44 advisories
                    
Shopware Customer Orders can be canceled, even if refunds are disabled
Moderate | GHSA-r2vg-hvjm-fg38 was published for shopware/core (Composer) on Oct 21, 2025
                    
TYPO3 backend modules have Broken Access Control
Moderate | CVE-2025-59017 was published for typo3/cms-backend (Composer) on Sep 9, 2025
                    
Drupal Quick Node Block Missing Authorization vulnerability
Moderate | CVE-2025-48444 was published for drupal/quick_node_block (Composer) on Jun 11, 2025
                    
Drupal Quick Node Block Missing Authorization vulnerability
Moderate | CVE-2025-48013 was published for drupal/quick_node_block (Composer) on Jun 11, 2025
                    
Mautic segment cloning doesn't have a proper permission check
Moderate | CVE-2024-47055 was published for mautic/core (Composer) on May 28, 2025
                    
Moodle shows hidden grades to users without permission on some grade reports
Moderate | CVE-2025-32045 was published for moodle/moodle (Composer) on Apr 25, 2025
                    
Drupal Open Social Missing Authorization vulnerability
Moderate | CVE-2025-31685 was published for goalgorilla/open_social (Composer) on Apr 1, 2025
                    
Drupal AI Missing Authorization vulnerability
Moderate | CVE-2025-31678 was published for drupal/ai (Composer) on Apr 1, 2025
                    
Moodle allows users to retrieve information they did not have permission to access
Moderate | CVE-2024-45689 was published for moodle/moodle (Composer) on Nov 20, 2024
                    
moodle: Some users can delete audiences of other reports
Moderate | CVE-2024-48898 was published for moodle/moodle (Composer) on Nov 18, 2024
                    
Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate | CVE-2024-43431 was published for moodle/moodle (Composer) on Nov 7, 2024
                    
TYPO3 Information Disclosure in Backend User Interface
Moderate | GHSA-rv8r-8mh5-5376 was published for typo3/cms-core (Composer) on May 30, 2024
                    
SimpleSAMLphp Information Disclosure vulnerability
Moderate | GHSA-ppm4-r2vc-pg74 was published for simplesamlphp/simplesamlphp (Composer) on May 28, 2024
                    
silverstripe/framework missing ACL on reports
Moderate | GHSA-52cx-hpc5-cxwc was published for silverstripe/framework (Composer) on May 27, 2024
                    
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Moderate | CVE-2024-24822 was published for pimcore/admin-ui-classic-bundle (Composer) on Feb 7, 2024
                    
Dolibarr Improper Input Validation vulnerability
Moderate | CVE-2023-4198 was published for dolibarr/dolibarr (Composer) on Nov 1, 2023
                    
Missing permission check of canView in GridFieldPrintButton
Moderate | CVE-2023-22728 was published for silverstripe/framework (Composer) on Apr 26, 2023
                    
Flarum notifications can leak restricted content
Moderate | CVE-2023-22488 was published for flarum/core (Composer) on Jan 10, 2023
                    
PrestaShop has potential Information exposure in the upload directory
Moderate | CVE-2022-46158 was published for prestashop/prestashop (Composer) on Dec 8, 2022
                    
Moodle No groups filtering in H5P activity attempts report
Moderate | CVE-2022-40316 was published for moodle/moodle (Composer) on Oct 1, 2022
                    
Missing permission check in Moodle
Moderate | CVE-2021-20283 was published for moodle/moodle (Composer) on May 24, 2022
                    
MantisBT Missing Authorization access check in bug_actiongroup.php
Moderate | CVE-2020-29604 was published for mantisbt/mantisbt (Composer) on May 24, 2022
                    
Moodle Email media URL tokens were not checking for user status
Moderate | CVE-2019-14883 was published for moodle/moodle (Composer) on May 24, 2022
                    
MediaWiki information disclosure
Moderate | CVE-2019-16738 was published for mediawiki/core (Composer) on May 24, 2022
                    
Moodle Ability to delete glossary entries that belong to another glossary
Moderate | CVE-2019-10187 was published for moodle/moodle (Composer) on May 24, 2022
        
ProTip! Advisories are also available from the GraphQL API.