GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
75 advisories
Symfony's `Security::login` does not take into account custom `user_checker`
Low
CVE-2024-50341
was published
for
symfony/security-bundle
(Composer)
Nov 6, 2024
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Firefly III has a MFA bypass in oauth flow
Moderate
CVE-2024-37893
was published
for
grumpydictator/firefly-iii
(Composer)
Jun 17, 2024
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Moderate
CVE-2023-50714
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
TYPO3 vulnerable to Weak Authentication in Session Handling
Moderate
CVE-2023-47127
was published
for
typo3/cms-core
(Composer)
Nov 14, 2023
pimcore/admin-ui-classic-bundle Unverified Password Change
Moderate
CVE-2023-5844
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Oct 31, 2023
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Critical
CVE-2023-28473
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
CodeIgniter4 Potential Session Handlers Vulnerability
High
CVE-2022-46170
was published
for
codeigniter4/framework
(Composer)
Dec 22, 2022
ProTip!
Advisories are also available from the
GraphQL API