GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,179
Erlang
31
GitHub Actions
19
Go
1,982
Maven
5,000+
npm
3,701
NuGet
656
pip
3,323
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
27 advisories
Filter by severity
Improper authentication in Symfony
High
CVE-2019-10911
was published
for
symfony/security
(Composer)
Feb 12, 2020
Disabled users able to log in with third party SSO plugin
High
CVE-2017-1000489
was published
for
mautic/core
(Composer)
Jan 19, 2021
Unauthenticated SQL Injection in Cachet
High
CVE-2021-39165
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
Account Takeover in Octobercms
High
CVE-2021-32648
was published
for
october/system
(Composer)
Aug 30, 2021
October CMS auth bypass and account takeover
High
CVE-2021-29487
was published
for
october/system
(Composer)
Aug 30, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control
High
CVE-2021-25956
was published
for
dolibarr/dolibarr
(Composer)
Sep 2, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Deleted Admin Can Sign In to Admin Interface
High
CVE-2021-41126
was published
for
october/october
(Composer)
Oct 6, 2021
Authentication library in TYPO3 vulnerable to session fixation
High
CVE-2009-0256
was published
for
typo3/cms
(Composer)
May 2, 2022
TYPO3 Authentication Bypass via Salted user password hashes extension
High
CVE-2010-1022
was published
for
typo3/cms-saltedpasswords
(Composer)
May 2, 2022
•
withdrawn
phpMyAdmin Improper Authentication
High
CVE-2018-12613
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 13, 2022
OXID eShop user impersonation vulnerability
High
CVE-2015-6926
was published
for
oxid-esales/oxideshop-ce
(Composer)
May 13, 2022
Moodle Improper Authentication
High
CVE-2018-1082
was published
for
moodle/moodle
(Composer)
May 13, 2022
Unauthenticated File Read in PHP Proxy
High
CVE-2018-19458
was published
for
athlon1600/php-proxy-app
(Composer)
May 14, 2022
Codiad Vulnerable to PHP Magic Hash Vulnerability
High
CVE-2020-23355
was published
for
codiad/codiad
(Composer)
May 24, 2022
Cockpit Content Platform vulnerable to 2FA bypass
High
CVE-2022-2818
was published
for
cockpit-hq/cockpit
(Composer)
Aug 16, 2022
CodeIgniter4 Potential Session Handlers Vulnerability
High
CVE-2022-46170
was published
for
codeigniter4/framework
(Composer)
Dec 22, 2022
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
High
GHSA-h6mp-mc7g-mg49
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
High
GHSA-9phw-7h96-q3rv
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
Thelia authentication bypass vulnerability
High
GHSA-g8pg-33v4-9r96
was published
for
thelia/thelia
(Composer)
May 30, 2024
TYPO3 CMS Authentication Bypass vulnerability
High
GHSA-x4rj-f7m6-42c3
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-rxc9-f2x6-qh4w
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-c5mj-39cf-3pp5
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Zendframework potential security issue in login mechanism
High
GHSA-9v78-h226-2rmq
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendOpenID potential security issue in login mechanism
High
GHSA-3x57-m5p4-rgh4
was published
for
zendframework/zendopenid
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API