GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
68 advisories
View permissions are bypassed for paginated lists of ORM data
Moderate. CVE-2023-44401 was published for silverstripe/graphql (Composer) on Jan 23, 2024

juzawebCMS Incorrect Access Control vulnerability
Moderate. CVE-2023-46906 was published for juzaweb/cms (Composer) on Jan 9, 2024

Magento Open Source allows Incorrect Authorization
Moderate. CVE-2023-38218 was published for magento/community-edition (Composer) on Oct 13, 2023

Magento Open Source allows Incorrect Authorization
Moderate. CVE-2023-38209 was published for magento/community-edition (Composer) on Aug 9, 2023

Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller
Moderate. CVE-2023-3574 was published for pimcore/customer-management-framework-bundle (Composer) on Jul 10, 2023

Magento Open Source affected by Improper Input Validation
Moderate. CVE-2023-22248 was published for magento/community-edition (Composer) on Jun 15, 2023

Magento Open Source allows Incorrect Authorization
Moderate. CVE-2023-29288 was published for magento/community-edition (Composer) on Jun 15, 2023

Access bypass in Drupal core
Moderate. CVE-2022-25274 was published for drupal/core (Composer) on Apr 26, 2023

Magento Open Source allows Incorrect Authorization
Moderate. CVE-2023-22251 was published for magento/community-edition (Composer) on Mar 27, 2023

Improper Authorization in grumpydictator/firefly-iii
Moderate. CVE-2023-0298 was published for grumpydictator/firefly-iii (Composer) on Jan 14, 2023

Moodle Incorrect Authorization
Moderate. CVE-2021-40692 was published for moodle/moodle (Composer) on Sep 30, 2022

Magento Open Source has Improper Access Control vulnerability
Moderate. CVE-2022-35692 was published for magento/community-edition (Composer) on Aug 20, 2022

Incorrect Authorization in thinkcmf
Moderate. CVE-2021-40616 was published for thinkcmf/thinkcmf (Composer) on Jun 15, 2022

Magento Improper Authorization vulnerability in the customers module
Moderate. CVE-2021-28567 was published for magento/community-edition (Composer) on May 24, 2022

Missing permission check in Moodle
Moderate. CVE-2021-20283 was published for moodle/moodle (Composer) on May 24, 2022

Moodle Bypass email verification secret when confirming account registration
Moderate. CVE-2021-20282 was published for moodle/moodle (Composer) on May 24, 2022

MantisBT Incorrect Authorization in bug_actiongroup_page.php
Moderate. CVE-2020-29605 was published for mantisbt/mantisbt (Composer) on May 24, 2022

WooCommerce Incorrect Authorization
Moderate. CVE-2020-29156 was published for woocommerce/woocommerce (Composer) on May 24, 2022

Magento 2 Community Edition Incorrect Authorization
Moderate. CVE-2020-24401 was published for magento/community-edition (Composer) on May 24, 2022

MantisBT unauthorized users able to access private files
Moderate. CVE-2020-25781 was published for mantisbt/mantisbt (Composer) on May 24, 2022

Magento security mitigation bypass vulnerability
Moderate. CVE-2020-9692 was published for magento/community-edition (Composer) on May 24, 2022

Moodle does not properly restrict comment capabilities
Moderate. CVE-2011-4297 was published for moodle/moodle (Composer) on May 13, 2022

Moodle Logged in users could view all calendar events
Moderate. CVE-2019-3848 was published for moodle/moodle (Composer) on May 13, 2022

Improper Authentication in moodle
Moderate. CVE-2022-0985 was published for moodle/moodle (Composer) on Apr 30, 2022

Missing authorization in Moodle
Moderate. CVE-2022-0984 was published for moodle/moodle (Composer) on Apr 30, 2022