Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27 advisories

Loading
Improper authentication in Symfony High
CVE-2019-10911 was published for symfony/security (Composer) Feb 12, 2020
Disabled users able to log in with third party SSO plugin High
CVE-2017-1000489 was published for mautic/core (Composer) Jan 19, 2021
Unauthenticated SQL Injection in Cachet High
CVE-2021-39165 was published for cachethq/cachet (Composer) Aug 30, 2021
phith0n
Account Takeover in Octobercms High
CVE-2021-32648 was published for october/system (Composer) Aug 30, 2021
October CMS auth bypass and account takeover High
CVE-2021-29487 was published for october/system (Composer) Aug 30, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Deleted Admin Can Sign In to Admin Interface High
CVE-2021-41126 was published for october/october (Composer) Oct 6, 2021
Authentication library in TYPO3 vulnerable to session fixation High
CVE-2009-0256 was published for typo3/cms (Composer) May 2, 2022
TYPO3 Authentication Bypass via Salted user password hashes extension High
CVE-2010-1022 was published for typo3/cms-saltedpasswords (Composer) May 2, 2022 withdrawn
phpMyAdmin Improper Authentication High
CVE-2018-12613 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
OXID eShop user impersonation vulnerability High
CVE-2015-6926 was published for oxid-esales/oxideshop-ce (Composer) May 13, 2022
Moodle Improper Authentication High
CVE-2018-1082 was published for moodle/moodle (Composer) May 13, 2022
Unauthenticated File Read in PHP Proxy High
CVE-2018-19458 was published for athlon1600/php-proxy-app (Composer) May 14, 2022
Codiad Vulnerable to PHP Magic Hash Vulnerability High
CVE-2020-23355 was published for codiad/codiad (Composer) May 24, 2022
Cockpit Content Platform vulnerable to 2FA bypass High
CVE-2022-2818 was published for cockpit-hq/cockpit (Composer) Aug 16, 2022
CodeIgniter4 Potential Session Handlers Vulnerability High
CVE-2022-46170 was published for codeigniter4/framework (Composer) Dec 22, 2022
srtnlgn
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token High
GHSA-h6mp-mc7g-mg49 was published for scheb/two-factor-bundle (Composer) May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option High
GHSA-9phw-7h96-q3rv was published for scheb/two-factor-bundle (Composer) May 21, 2024
Thelia authentication bypass vulnerability High
GHSA-g8pg-33v4-9r96 was published for thelia/thelia (Composer) May 30, 2024
TYPO3 CMS Authentication Bypass vulnerability High
GHSA-x4rj-f7m6-42c3 was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Security Misconfiguration for Backend User Accounts High
GHSA-rxc9-f2x6-qh4w was published for typo3/cms-core (Composer) May 30, 2024
TYPO3 Security Misconfiguration for Backend User Accounts High
GHSA-c5mj-39cf-3pp5 was published for typo3/cms (Composer) Jun 7, 2024
Zendframework potential security issue in login mechanism High
GHSA-9v78-h226-2rmq was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendOpenID potential security issue in login mechanism High
GHSA-3x57-m5p4-rgh4 was published for zendframework/zendopenid (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API