Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20 advisories

Loading
Snipe-IT's TOTP is Brute-Forceable Due to Missing Rate Limiting on `POST /two-factor` Moderate
CVE-2026-49870 was published for snipe/snipe-it (Composer) Jun 23, 2026
SakusenSec Credited to SakusenSec
FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service Moderate
CVE-2026-45802 was published for setasign/fpdi (Composer) May 19, 2026
esnard Credited to esnard
TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service Moderate
CVE-2026-33541 was published for miraheze/ts-portal (Composer) Mar 27, 2026
Universal-Omega Credited to Universal-Omega
ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads Moderate
CVE-2026-30662 was published for concrete5/concrete5 (Composer) Mar 24, 2026
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits Moderate
CVE-2026-26047 was published for moodle/moodle (Composer) Feb 21, 2026
MantisBT Vulnerable to Denial-of-Service (DoS) via Excessive Note Length Moderate
CVE-2025-46556 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
TheAmazeng Credited to TheAmazeng and dregad dregad dregad
FPDI allows Memory Exhaustion (OOM) in PDF Parser which leads to Denial of Service Moderate
CVE-2025-54869 was published for setasign/fpdi (Composer) Aug 5, 2025
N0zoM1z0 Credited to N0zoM1z0
PocketMine-MP allows malicious client data to waste server resources due to lack of limits for explode() Moderate
GHSA-g274-c6jj-h78p was published for pocketmine/pocketmine-mp (Composer) Mar 10, 2025
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury Credited to smaury and mnapoli mnapoli mnapoli
TYPO3 Denial of Service in Online Media Asset Handling Moderate
GHSA-f3wf-q4fj-3gxf was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Denial of Service in Online Media Asset Handling Moderate
GHSA-29m4-mx89-3mjg was published for typo3/cms-core (Composer) May 30, 2024
Moodle Client side denial of service via personal message Moderate
CVE-2021-20185 was published for moodle/moodle (Composer) May 24, 2022
MediaWiki allows a denial of service Moderate
CVE-2021-41800 was published for mediawiki/core (Composer) May 24, 2022
LibreNMS vulnerable to rate limiting bypass on login page Moderate
CVE-2023-46745 was published for librenms/librenms (Composer) Nov 17, 2023
rook1337 Credited to rook1337
Froxlor vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2023-2666 was published for froxlor/froxlor (Composer) May 19, 2023
Wallabag vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2023-3566 was published for wallabag/wallabag (Composer) Jul 10, 2023
Denial of service from unlimited password lengths Moderate
CVE-2023-38492 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r Credited to 5hank4r
Concrete CMS vulnerable to Uncontrolled Resource Consumption leading to DoS Moderate
CVE-2022-43686 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Denial of service in direct_mail Moderate
CVE-2020-12697 was published for directmailteam/direct-mail (Composer) May 24, 2021
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-36104 was published for typo3/cms (Composer) Sep 16, 2022
rikwillems Credited to rikwillems
ProTip! Advisories are also available from the GraphQL API