Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) Moderate
CVE-2026-24420 was published for phpmyfaq/phpmyfaq (Composer) Jan 23, 2026
Brahim-Fouad Credited to Brahim-Fouad
Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization Moderate
CVE-2026-23496 was published for pimcore/web2print-tools-bundle (Composer) Jan 15, 2026
ytlamal Credited to ytlamal
Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing Moderate
CVE-2026-23495 was published for pimcore/admin-ui-classic-bundle (Composer) Jan 15, 2026
ytlamal Credited to ytlamal
Pimcore is Vulnerable to Broken Access Control: Missing Function Level Authorization on "Static Routes" Listing Moderate
CVE-2026-23494 was published for pimcore/pimcore (Composer) Jan 15, 2026
ytlamal Credited to ytlamal
phppgadmin contains an incorrect access control vulnerability Moderate
CVE-2025-60799 was published for phppgadmin/phppgadmin (Composer) Nov 20, 2025
Moodle course access permissions are not properly checked in course_output_fragment_course_overview Moderate
CVE-2025-62393 was published for moodle/moodle (Composer) Oct 23, 2025
Contao applies improper access control in the back end voters Moderate
CVE-2025-57758 was published for contao/contao (Composer) Aug 28, 2025
Magento Improper Access Control leads to security feature bypass Moderate
CVE-2025-27206 was published for magento/community-edition (Composer) Jun 10, 2025
Mautic segment cloning doesn't have a proper permission check Moderate
CVE-2024-47055 was published for mautic/core (Composer) May 28, 2025
abhisekmazumdar Credited to abhisekmazumdar, patrykgruszka, and nick-vanpraet patrykgruszka patrykgruszka
nick-vanpraet nick-vanpraet
Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure Moderate
CVE-2025-5257 was published for mautic/core (Composer) May 28, 2025
The femanager TYPO3 extension allows Insecure Direct Object Reference Moderate
CVE-2025-48202 was published for in2code/femanager (Composer) May 21, 2025
Magento Improper Access Control leads to Security feature bypass Moderate
CVE-2025-27191 was published for magento/community-edition (Composer) Apr 8, 2025
Magento Improper Access Control leads to Security feature bypass Moderate
CVE-2025-27190 was published for magento/community-edition (Composer) Apr 8, 2025
Shopware Broken ACL on Document retrieval to access other customers documents Moderate
GHSA-68wv-g3fw-pq7q was published for shopware/core (Composer) Apr 8, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24427 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24435 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24436 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24437 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24424 was published for magento/community-edition (Composer) Feb 11, 2025
Connect-CMS Access control vulnerability Moderate
GHSA-5rjc-jc28-cwgg was published for opensource-workshop/connect-cms (Composer) Feb 7, 2025
Moodle IDOR when accessing list of course badges Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
Magento Open Source Information Exposure vulnerability Moderate
CVE-2024-45133 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45135 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45121 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45124 was published for magento/community-edition (Composer) Oct 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database