GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
RaspAP allows an attacker to escalate privileges
Critical
CVE-2024-41637
was published
for
billz/raspap-webgui
(Composer)
Jul 29, 2024
Privilege Escalation in TYPO3 CMS
Moderate
GHSA-v5jp-4h2p-j2p4
was published
for
typo3/cms
(Composer)
Jun 5, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
High
GHSA-4r76-xr68-w7m7
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Broken Access Control in Localization Handling
Moderate
GHSA-9rx9-7fmh-gj3g
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover
High
CVE-2024-34082
was published
for
getgrav/grav
(Composer)
May 15, 2024
Reportico Web fails to invalidate cookies upon logout
Moderate
CVE-2024-31556
was published
for
reportico-web/reportico
(Composer)
May 14, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs
High
CVE-2024-32003
was published
for
winter/wn-dusk-plugin
(Composer)
Apr 12, 2024
UVDesk Community Helpdesk Improper Privilege Management
High
CVE-2024-3137
was published
for
uvdesk/core-framework
(Composer)
Apr 2, 2024
Craft CMS Privilege Escalation
Moderate
CVE-2024-21622
was published
for
craftcms/cms
(Composer)
Jan 3, 2024
Moodle Improper Access Control vulnerability
Moderate
CVE-2023-5549
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Moderate
CVE-2023-43663
was published
for
prestashop/prestashop
(Composer)
Sep 28, 2023
PrestaShop allows employee without any access rights to list all installed modules
Moderate
CVE-2023-43664
was published
for
prestashop/prestashop
(Composer)
Sep 28, 2023
Improper Privilege Management in microweber
High
CVE-2023-2240
was published
for
microweber/microweber
(Composer)
Apr 22, 2023
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
High
CVE-2023-1762
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Company admin role gives excessive privileges in eZ Platform Ibexa
High
CVE-2022-48365
was published
for
ezsystems/ezplatform-kernel
(Composer)
Mar 12, 2023
Dolibarr vulnerable to privilege escalation
Critical
CVE-2022-43138
was published
for
dolibarr/dolibarr
(Composer)
Nov 17, 2022
Byobu user preference to prevent private discussions being started are not respected
Low
CVE-2022-35921
was published
for
fof/byobu
(Composer)
Aug 6, 2022
EC-CUBE Improper access control vulnerability
High
CVE-2021-20778
was published
for
ec-cube/ec-cube
(Composer)
May 24, 2022
AVideo vulnerable to Improper Privilege Management
High
CVE-2020-23489
was published
for
wwbn/avideo
(Composer)
May 24, 2022
Dolibarr CRM allows Privilege Escalation
Moderate
CVE-2020-14201
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Magento business logic error vulnerability
Critical
CVE-2020-9630
was published
for
magento/community-edition
(Composer)
May 24, 2022
bbPress unauthenticated privilege-escalation
Critical
CVE-2020-13693
was published
for
bbpress/bbpress
(Composer)
May 24, 2022
CodeIgniter Improper Privilege Management
High
CVE-2020-10793
was published
for
codeigniter4/framework
(Composer)
May 24, 2022
Centreon Privilege Escalation
Critical
CVE-2018-21025
was published
for
centreon/centreon
(Composer)
May 24, 2022
Drupal saving user accounts can sometimes grant the user all roles
High
CVE-2016-3169
was published
for
drupal/core
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API