GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
91
GitHub Actions
54
Go
4,194
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,422
Swift
61
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Authenticated Privilege Escalation
Low
GHSA-5q58-x5h2-v5rx
was published
for
shopware/core
(Composer)
Dec 21, 2020
Privilege escalation by backend users assigned to the default "Publisher" system role
Low
CVE-2020-15248
was published
for
october/backend
(Composer)
Nov 23, 2020
Byobu user preference to prevent private discussions being started are not respected
Low
CVE-2022-35921
was published
for
fof/byobu
(Composer)
Aug 6, 2022
Insufficient user authorization in Moodle
Low
CVE-2022-0333
was published
for
moodle/moodle
(Composer)
Jan 28, 2022
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Low
CVE-2024-39324
was published
for
aimeos/ai-admin-graphql
(Composer)
Jul 2, 2024
Information Disclosure in TYPO3 Page Tree
Low
CVE-2024-47780
was published
for
typo3/cms-backend
(Composer)
Oct 8, 2024
Moodle's user/power level management inconsistent with suspended users
Low
CVE-2024-43433
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle has an IDOR in badges allows disabling of arbitrary badges
Low
CVE-2025-26531
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Moodle allows teachers to evade trusttext config when restoring glossary entries
Low
CVE-2025-26532
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Magento Open Source allows Incorrect Authorization
Low
CVE-2023-29295
was published
for
magento/community-edition
(Composer)
Jun 15, 2023
Magento Open Source allows Incorrect Authorization
Low
CVE-2023-29296
was published
for
magento/community-edition
(Composer)
Jun 15, 2023
TYPO3 Allows Information Disclosure via DBAL Restriction Handling
Low
CVE-2025-47937
was published
for
typo3/cms-core
(Composer)
May 20, 2025
Magento Authenticated Security feature bypass
Low
CVE-2025-49549
was published
for
magento/community-edition
(Composer)
Jun 26, 2025
October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations
Low
CVE-2026-29179
was published
for
october/system
(Composer)
Apr 21, 2026
Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy
Low
GHSA-h4fw-6r7f-w494
was published
for
web-auth/webauthn-framework
(Composer)
May 7, 2026
Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)
Low
CVE-2026-46635
was published
for
twig/twig
(Composer)
May 21, 2026
Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors
Low
CVE-2026-54244
was published
for
statamic/cms
(Composer)
Jun 26, 2026
ProTip!
Advisories are also available from the
GraphQL API