Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

17 advisories

Loading
Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Authenticated Privilege Escalation Low
GHSA-5q58-x5h2-v5rx was published for shopware/core (Composer) Dec 21, 2020
Insufficient user authorization in Moodle Low
CVE-2022-0333 was published for moodle/moodle (Composer) Jan 28, 2022
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
Magento Open Source allows Incorrect Authorization Low
CVE-2023-29296 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Incorrect Authorization Low
CVE-2023-29295 was published for magento/community-edition (Composer) Jun 15, 2023
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services Low
CVE-2024-39324 was published for aimeos/ai-admin-graphql (Composer) Jul 2, 2024
ssshah2131 Credited to ssshah2131
Information Disclosure in TYPO3 Page Tree Low
CVE-2024-47780 was published for typo3/cms-backend (Composer) Oct 8, 2024
ohader Credited to ohader and jpmschuler jpmschuler jpmschuler
Moodle's user/power level management inconsistent with suspended users Low
CVE-2024-43433 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has an IDOR in badges allows disabling of arbitrary badges Low
CVE-2025-26531 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle allows teachers to evade trusttext config when restoring glossary entries Low
CVE-2025-26532 was published for moodle/moodle (Composer) Feb 24, 2025
TYPO3 Allows Information Disclosure via DBAL Restriction Handling Low
CVE-2025-47937 was published for typo3/cms-core (Composer) May 20, 2025
christianfutterlieb Credited to christianfutterlieb and eliashaeussler eliashaeussler eliashaeussler
Magento Authenticated Security feature bypass Low
CVE-2025-49549 was published for magento/community-edition (Composer) Jun 26, 2025
October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations Low
CVE-2026-29179 was published for october/system (Composer) Apr 21, 2026
Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy Low
GHSA-h4fw-6r7f-w494 was published for web-auth/webauthn-framework (Composer) May 7, 2026
offset Credited to offset
Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects) Low
CVE-2026-46635 was published for twig/twig (Composer) May 21, 2026
Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors Low
CVE-2026-54244 was published for statamic/cms (Composer) Jun 26, 2026
jqr1449186277 Credited to jqr1449186277
ProTip! Advisories are also available from the GraphQL API