Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

255 advisories

Loading
Magento Information Disclosure vulnerability Low
CVE-2021-28566 was published for magento/community-edition (Composer) May 24, 2022
Magento information disclosure vulnerability Low
CVE-2020-24406 was published for magento/community-edition (Composer) May 24, 2022
Microweber Discloses Sensitive Information High
CVE-2020-13405 was published for microweber/microweber (Composer) May 24, 2022
Silverstripe CMS information disclosure High
CVE-2020-6164 was published for silverstripe/cms (Composer) May 24, 2022
Magento defense-in-depth security mitigation vulnerability High
CVE-2020-9591 was published for magento/community-edition (Composer) May 24, 2022
img_auth.php may leak private extension images into the public cache Moderate
CVE-2020-15005 was published for mediawiki/core (Composer) May 24, 2022
Rudloff
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Gravity Forms plugin leak hashed passwords High
CVE-2020-13764 was published for wp-premium/gravityforms (Composer) May 24, 2022
Centreon Sensitive Data Exposure vulnerability Moderate
CVE-2020-10945 was published for centreon/centreon (Composer) May 24, 2022
Froxlor Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2020-10237 was published for froxlor/froxlor (Composer) May 24, 2022
direct_mail for Typo3 sensitive data exposure Moderate
CVE-2019-16698 was published for directmailteam/direct-mail (Composer) May 24, 2022
MediaWiki information disclosure Moderate
CVE-2019-16738 was published for mediawiki/core (Composer) May 24, 2022
Magento 2 Community Edition Information Leak High
CVE-2019-7951 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7929 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7888 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Path Disclosure Moderate
CVE-2019-7852 was published for magento/community-edition (Composer) May 24, 2022
Wikimedia information leak vulnerability High
CVE-2019-12474 was published for mediawiki/core (Composer) May 24, 2022
Exposure of Sensitive Information in moodle Moderate
CVE-2022-30598 was published for moodle/moodle (Composer) May 19, 2022
DCE extension for Typo3 Discloses Environment Information Moderate
CVE-2014-8328 was published for t3/dce (Composer) May 17, 2022
DOMPDF Information Disclosure Moderate
CVE-2014-5011 was published for dompdf/dompdf (Composer) May 17, 2022
phpBB vulnerable to sensitive information disclosure High
CVE-2008-6507 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
HTML Purifier allows remote attackers to obtain sensitive information Moderate
CVE-2011-3744 was published for ezyang/htmlpurifier (Composer) May 17, 2022
Rudloff
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
TYPO3 allows remote attackers to obtain the database name via a direct request Moderate
CVE-2012-1607 was published for typo3/cms (Composer) May 17, 2022
Zend Framework XXE Vulnerability Moderate
CVE-2012-5657 was published for zendframework/zendframework1 (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database