Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD> High
GHSA-34qg-65m4-f23m was published for froxlor/froxlor (Composer) Aug 23, 2024
hardfalcon
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter Moderate
CVE-2023-48714 was published for silverstripe/framework (Composer) Jan 23, 2024
SilverStripe Subsite weakens file permissions Moderate
CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued Low
CVE-2022-39284 was published for codeigniter4/framework (Composer) Oct 6, 2022
Moodle command execution vulnerability exists in the default legacy spellchecker plugin Critical
CVE-2021-21809 was published for moodle/moodle (Composer) May 24, 2022
Froxlor Incorrect Access Control High
CVE-2018-12642 was published for froxlor/froxlor (Composer) May 13, 2022
MODX Revolution Incorrect Access Control vulnerability High
CVE-2018-1000207 was published for modx/revolution (Composer) May 13, 2022
LightSAML Incorrect Access Control vulnerability High
CVE-2018-1000165 was published for lightsaml/lightsaml (Composer) May 13, 2022
Jerome Gamez Firebase Admin SDK for PHP Incorrect Access Control vulnerability High
CVE-2018-1000025 was published for kreait/firebase-php (Composer) May 13, 2022
Drupal access bypass vulnerability Moderate
CVE-2017-6928 was published for drupal/core (Composer) May 13, 2022
Statamic framework Incorrect Permission Assignment High
CVE-2017-11422 was published for statamic/cms (Composer) May 13, 2022
Bolt Improper Access Control Moderate
CVE-2017-16754 was published for bolt/bolt (Composer) May 13, 2022
Incorrect Permission Assignment for Critical Resource in ShopXO Critical
CVE-2022-28056 was published for shopxo/shopxo (Composer) May 3, 2022
Improper Access Control in Shopware High
CVE-2022-24872 was published for shopware/core (Composer) Apr 22, 2022
NilsEvers
Microweber Incorrect Permission Assignment for Critical Resource vulnerability Moderate
CVE-2022-0277 was published for microweber/microweber (Composer) Jan 21, 2022
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. High
CVE-2021-38557 was published for billz/raspap-webgui (Composer) Sep 2, 2021
Mautic vulnerable to secret data exfiltration via symfony parameters Moderate
CVE-2021-27908 was published for mautic/core (Composer) Apr 6, 2021
Gregy fedys
Lack of access control on upoaded files Moderate
CVE-2019-12245 was published for silverstripe/assets (Composer) Nov 12, 2019
ProTip! Advisories are also available from the GraphQL API