GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,001
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
114 advisories
Filter by severity
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
User can obtain JWT token even if account is disabled
High
GHSA-36mj-6r7r-mqhf
was published
for
ezsystems/ezplatform-rest
(Composer)
Sep 29, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
Flarum post mentions can be used to read any post on the forum without access control
High
CVE-2023-22487
was published
for
flarum/mentions
(Composer)
Jan 10, 2023
Dolibarr vulnerable to Improper Authentication and Improper Access Control
High
CVE-2021-25956
was published
for
dolibarr/dolibarr
(Composer)
Sep 2, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4026
was published
for
ssddanbrown/bookstack
(Composer)
Dec 1, 2021
kimai2 is vulnerable to Improper Access Control
Moderate
CVE-2021-3992
was published
for
kevinpapst/kimai2
(Composer)
Dec 3, 2021
snipe-it is vulnerable to Improper Access Control
Moderate
CVE-2021-4089
was published
for
snipe/snipe-it
(Composer)
Dec 16, 2021
BookStack is vulnerable to Improper Access Control.
Moderate
CVE-2021-4119
was published
for
ssddanbrown/bookstack
(Composer)
Dec 16, 2021
easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical
CVE-2022-3771
was published
for
noumo/easyii
(Composer)
Oct 31, 2022
Improper Access Control in wp-graphql
Moderate
CVE-2019-25060
was published
for
wp-graphql/wp-graphql
(Composer)
May 10, 2022
Incorrect Authorization in microweber
High
CVE-2022-1631
was published
for
microweber/microweber
(Composer)
May 10, 2022
Incorrect Access Control vulnerability in api-platform/core
Moderate
CVE-2019-1000011
was published
for
api-platform/core
(Composer)
Oct 14, 2019
Improper Access Control in Dolibarr
Moderate
CVE-2021-25954
was published
for
dolibarr/dolibarr
(Composer)
Aug 11, 2021
Missing Authorization in Crater Invoice
Moderate
CVE-2022-0203
was published
for
bytefury/crater
(Composer)
Jan 27, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core
Critical
CVE-2020-13675
was published
for
drupal/core
(Composer)
Feb 12, 2022
Moodle Improper Access Control vulnerability
High
CVE-2023-23923
was published
for
moodle/moodle
(Composer)
Feb 17, 2023
RosarioSIS Improper Access Control vulnerability
High
CVE-2023-0994
was published
for
francoisjacquet/rosariosis
(Composer)
Feb 24, 2023
thorsten/phpmyfaq vulnerable to improper access control
Moderate
CVE-2023-1883
was published
for
thorsten/phpmyfaq
(Composer)
Apr 5, 2023
alextselegidis/easyappointments Improper Access Control vulnerability
Moderate
CVE-2023-2104
was published
for
alextselegidis/easyappointments
(Composer)
Apr 15, 2023
Incorrect Default Permissions and Improper Access Control in snipe-it
Moderate
CVE-2022-0179
was published
for
snipe/snipe-it
(Composer)
Jan 21, 2022
Improper Access Control in snipe-it
Moderate
CVE-2022-0178
was published
for
snipe/snipe-it
(Composer)
Jan 26, 2022
Improper Access Control in librenms
High
CVE-2022-0580
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Incorrect Access Control in Ignition
Critical
CVE-2021-43996
was published
for
facade/ignition
(Composer)
Nov 19, 2021
Moodle incorrect access control
High
CVE-2020-25629
was published
for
moodle/moodle
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API