
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

59 advisories

Moodle Authenticated LFI risk in some misconfigured shared hosting environments High
CVE-2024-34005 was published for moodle/moodle (Composer) May 31, 2024
OXID eShop May Display User Information High
CVE-2024-56526 was published for oxid-esales/oxideshop-ce (Composer) May 13, 2025
Moodle allows unauthenticated REST API user data exposure High
CVE-2025-32044 was published for moodle/moodle (Composer) Apr 25, 2025
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47410 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47411 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
The Direct Mail (direct_mail) TYPO3 extension improperly discloses sensitive information High
CVE-2013-7400 was published for directmailteam/direct-mail (Composer) May 13, 2022
phpMyAdmin vulnerable to Cross-Site Request Forgery High
CVE-2016-5739 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/` High
CVE-2005-4875 was published for typo3/cms (Composer) May 1, 2022
Connect-CMS information that is restricted to viewing is visible High
GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Moodle Authenticated LFI risk in some misconfigured shared hosting environments High
CVE-2024-34002 was published for moodle/moodle (Composer) May 31, 2024
phpBB vulnerable to sensitive information disclosure High
CVE-2008-6507 was published for phpbb/phpbb (Composer) May 17, 2022
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
Adminer file disclosure vulnerability High
GHSA-97h7-mf38-g9mf was published for vrana/adminer (Composer) Jun 7, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy High
CVE-2014-5245 was published for symfony/http-kernel (Composer) May 30, 2024
Silverstripe CMS information disclosure High
CVE-2020-6164 was published for silverstripe/cms (Composer) May 24, 2022
Wikimedia information leak vulnerability High
CVE-2019-12474 was published for mediawiki/core (Composer) May 24, 2022
eZ Platform User data disclosure High
GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) May 15, 2024
eZ Publish Information disclosure in backend content tree menu High
GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Dolibarr sensitive information disclosure High
CVE-2017-17898 was published for dolibarr/dolibarr (Composer) May 14, 2022
Gravity Forms plugin leak hashed passwords High
CVE-2020-13764 was published for wp-premium/gravityforms (Composer) May 24, 2022
Zend Framework Information Disclosure High
CVE-2015-7503 was published for zendframework/zend-crypt (Composer) May 17, 2022
Drupal Comment reply form allows access to restricted content High
CVE-2017-6926 was published for drupal/core (Composer) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin High
CVE-2022-0813 was published for phpmyadmin/phpmyadmin (Composer) Mar 11, 2022
Contao: Possible cookie sharing with external domains while checking protected pages for broken links High
CVE-2024-28235 was published for contao/core-bundle (Composer) Apr 9, 2024