Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

61 advisories

Loading
Dolibarr vulnerable to privilege escalation Critical
CVE-2022-43138 was published for dolibarr/dolibarr (Composer) Nov 17, 2022
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
EC-CUBE Improper access control vulnerability High
CVE-2021-20778 was published for ec-cube/ec-cube (Composer) May 24, 2022
AVideo vulnerable to Improper Privilege Management High
CVE-2020-23489 was published for wwbn/avideo (Composer) May 24, 2022
Dolibarr CRM allows Privilege Escalation Moderate
CVE-2020-14201 was published for dolibarr/dolibarr (Composer) May 24, 2022
Magento business logic error vulnerability Critical
CVE-2020-9630 was published for magento/community-edition (Composer) May 24, 2022
bbPress unauthenticated privilege-escalation Critical
CVE-2020-13693 was published for bbpress/bbpress (Composer) May 24, 2022
CodeIgniter Improper Privilege Management High
CVE-2020-10793 was published for codeigniter4/framework (Composer) May 24, 2022
Centreon Privilege Escalation Critical
CVE-2018-21025 was published for centreon/centreon (Composer) May 24, 2022
Drupal saving user accounts can sometimes grant the user all roles High
CVE-2016-3169 was published for drupal/core (Composer) May 17, 2022
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit Moderate
CVE-2016-7570 was published for drupal/core (Composer) May 17, 2022
Drupal Saving user accounts can sometimes grant the user all roles High
CVE-2016-6211 was published for drupal/core (Composer) May 17, 2022
Moodle Improper Privilege Management Moderate
CVE-2018-1134 was published for moodle/moodle (Composer) May 13, 2022
baserCMS Access Control Bypass Moderate
CVE-2018-0573 was published for baserproject/basercms (Composer) May 13, 2022
Moodle Improper Privilege Management Moderate
CVE-2017-7532 was published for moodle/moodle (Composer) May 13, 2022
Moodle External blog editing takeover Moderate
CVE-2017-7489 was published for moodle/moodle (Composer) May 13, 2022
BuddyPress Docs plugin Improper Privilege Management Moderate
CVE-2017-6954 was published for buddypress/buddypress (Composer) May 13, 2022
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions Critical
CVE-2017-6925 was published for drupal/core (Composer) May 13, 2022
phpMyAdmin Improper Privilege Management Critical
CVE-2017-18264 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
TeamPass Improper Privilege Management High
CVE-2017-15055 was published for nilsteampassnet/teampass (Composer) May 13, 2022
TeamPass Improper Privilege Management Moderate
CVE-2017-15052 was published for nilsteampassnet/teampass (Composer) May 13, 2022
TeamPass Improper Privilege Management Moderate
CVE-2017-15053 was published for nilsteampassnet/teampass (Composer) May 13, 2022
Drupal REST API can bypass comment approval High
CVE-2017-6924 was published for drupal/core (Composer) May 13, 2022
Mediawiki Improper Privilege Management Moderate
CVE-2018-0503 was published for mediawiki/core (Composer) May 13, 2022
Piwik (now Matomo) Vulnerable to Arbitrary Code Execution Moderate
CVE-2011-4941 was published for matomo/matomo (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database