Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,730
Erlang
35
GitHub Actions
29
Go
2,306
Maven
5,000+
npm
3,947
NuGet
711
pip
3,727
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

255 advisories

Loading
OXID eShop May Display User Information High
CVE-2024-56526 was published for oxid-esales/oxideshop-ce (Composer) May 13, 2025
Moodle allows unauthenticated REST API user data exposure High
CVE-2025-32044 was published for moodle/moodle (Composer) Apr 25, 2025
Moodle reveals student identities through assignment submissions search on anonymous submissions Moderate
CVE-2025-3628 was published for moodle/moodle (Composer) Apr 25, 2025
Magento Information Exposure vulnerability Moderate
CVE-2025-24408 was published for magento/community-edition (Composer) Feb 11, 2025
Connect-CMS information that is restricted to viewing is visible High
GHSA-2237-5r9w-vm8j was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Browsershot Improper Input Validation vulnerability Moderate
CVE-2024-21549 was published for spatie/browsershot (Composer) Dec 20, 2024
Moodle IDOR when accessing list of badge recipients Moderate
CVE-2024-48900 was published for moodle/moodle (Composer) Nov 13, 2024
Moodle has user information visibility control issues in gradebook reports Low
CVE-2024-43429 was published for moodle/moodle (Composer) Nov 11, 2024
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient Low
CVE-2024-50342 was published for symfony/http-client (Composer) Nov 6, 2024
nicolas-grekas zozs
cs278
Magento Open Source Information Exposure vulnerability Moderate
CVE-2024-45134 was published for magento/community-edition (Composer) Oct 10, 2024
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz dregad
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
Pimcore vulnerable to disclosure of system and database information behind /admin firewall Moderate
CVE-2024-41109 was published for pimcore/admin-ui-classic-bundle (Composer) Jul 30, 2024
mysliwietzflorian
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
Silverstripe Reports are still accessible even when `canView()` returns false Moderate
CVE-2024-29885 was published for silverstripe/reports (Composer) Jul 17, 2024
Adminer file disclosure vulnerability High
GHSA-97h7-mf38-g9mf was published for vrana/adminer (Composer) Jun 7, 2024
Zend-developer-tools information disclosure vulnerability Moderate
GHSA-qg7m-mwxm-j3h7 was published for zendframework/zend-developer-tools (Composer) Jun 7, 2024
ZendFramework Information Disclosure and Insufficient Entropy vulnerability Moderate
GHSA-2fhr-8r8r-qp56 was published for zendframework/zendframework (Composer) Jun 7, 2024
TYPO3 Information Disclosure in Install Tool Moderate
GHSA-6487-3qvg-8px9 was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Information Disclosure of Installed Extensions Moderate
GHSA-f624-8hfq-5fh3 was published for typo3/cms (Composer) Jun 7, 2024
Password hash exposed in CraftCMS two factor authentication plugin Low
CVE-2024-5657 was published for born05/craft-twofactorauthentication (Composer) Jun 6, 2024
Typo3 Arbitrary File Disclosure in Form Component Moderate
GHSA-wrpf-2x8h-82gr was published for typo3/cms (Composer) Jun 4, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments High
CVE-2024-34002 was published for moodle/moodle (Composer) May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments Moderate
CVE-2024-34004 was published for moodle/moodle (Composer) May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments Moderate
CVE-2024-34003 was published for moodle/moodle (Composer) May 31, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database