GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
55 advisories
Moodle shows hidden grades to users without permission on some grade reports
Moderate · CVE-2025-32045 was published for moodle/moodle (Composer) on Apr 25, 2025
TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users
Moderate · CVE-2014-6292 was published for in2code/femanager (Composer) on May 13, 2022
Moodle doesn't properly check role
Low · CVE-2010-1617 was published for moodle/moodle (Composer) on May 13, 2022
Drupal OAuth2 Server Missing Authorization vulnerability
Low · CVE-2025-31691 was published for drupal/oauth2_server (Composer) on Apr 1, 2025
Drupal Authenticator Login Missing Authorization vulnerability
Moderate · CVE-2025-31681 was published for drupal/alogin (Composer) on Apr 1, 2025
Drupal AI Missing Authorization vulnerability
Low · CVE-2025-31678 was published for drupal/ai (Composer) on Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability
Low · CVE-2025-31685 was published for goalgorilla/open_social (Composer) on Apr 1, 2025
Drupal Open Social Missing Authorization vulnerability
Low · CVE-2025-31686 was published for goalgorilla/open_social (Composer) on Apr 1, 2025
Mautic vulnerable to Improper Access Control in UI upgrade process
High · CVE-2022-25768 was published for mautic/core (Composer) on Sep 18, 2024
Leantime has Missing Authorization Check for Host Parameter
Low · GHSA-3hfj-qcvj-4hx8 was published for leantime/leantime (Composer) on Feb 21, 2025
moodle: Some users can delete audiences of other reports
Moderate · CVE-2024-48898 was published for moodle/moodle (Composer) on Nov 18, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate · CVE-2024-43431 was published for moodle/moodle (Composer) on Nov 7, 2024
Snipe-IT allows users to promote or demote themselves or other users
High · CVE-2024-5685 was published for snipe/snipe-it (Composer) on Jun 14, 2024
TYPO3 Information Disclosure in Backend User Interface
Moderate · GHSA-rv8r-8mh5-5376 was published for typo3/cms-core (Composer) on May 30, 2024
SimpleSAMLphp Information Disclosure vulnerability
Moderate · GHSA-ppm4-r2vc-pg74 was published for simplesamlphp/simplesamlphp (Composer) on May 28, 2024
silverstripe/framework missing ACL on reports
Moderate · GHSA-52cx-hpc5-cxwc was published for silverstripe/framework (Composer) on May 27, 2024
MediaWiki information disclosure
Moderate · CVE-2019-16738 was published for mediawiki/core (Composer) on May 24, 2022
Moodle Email media URL tokens were not checking for user status
Moderate · CVE-2019-14883 was published for moodle/moodle (Composer) on May 24, 2022
EC-CUBE improperly handles HTTP Host header values
Moderate · CVE-2022-25355 was published for ec-cube/ec-cube (Composer) on Feb 25, 2022
Dolibarr arbitrary commands execution
High · CVE-2018-10092 was published for dolibarr/dolibarr (Composer) on May 13, 2022
Moodle Ability to delete glossary entries that belong to another glossary
Moderate · CVE-2019-10187 was published for moodle/moodle (Composer) on May 24, 2022
Moodle No groups filtering in H5P activity attempts report
Moderate · CVE-2022-40316 was published for moodle/moodle (Composer) on Oct 1, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate · CVE-2021-32477 was published for moodle/moodle (Composer) on Mar 12, 2022
Missing permission check in Moodle
Moderate · CVE-2021-20283 was published for moodle/moodle (Composer) on May 24, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate · CVE-2021-32472 was published for moodle/moodle (Composer) on Mar 12, 2022