Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Privilege escalation via form generator High
CVE-2021-37627 was published for contao/contao (Composer) Aug 23, 2021
ausi
Improper Privilege Management in Concrete CMS High
CVE-2021-22966 was published for concrete5/core (Composer) Nov 23, 2021
Privilege escalation in the Sulu Admin panel High
CVE-2021-43835 was published for sulu/sulu (Composer) Dec 15, 2021
Improper Privilege Management in Snipe-IT Moderate
CVE-2022-0579 was published for snipe/snipe-it (Composer) Feb 15, 2022
Improper Privilege Management in Snipe-IT High
CVE-2022-0611 was published for snipe/snipe-it (Composer) Feb 17, 2022
Improper Privilege Management in Open Web Analytics Critical
CVE-2022-24637 was published for open-web-analytics/open-web-analytics (Composer) Mar 19, 2022
Privilege escalation in easyappointments High
CVE-2022-1397 was published for alextselegidis/easyappointments (Composer) May 11, 2022
BaserCMS privilege escallation Moderate
CVE-2011-2674 was published for baserproject/basercms (Composer) May 13, 2022
Moodle Users could elevate their role when accessing the LTI tool on a provider site High
CVE-2019-3849 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Mediawiki Improper Privilege Management Moderate
CVE-2018-0503 was published for mediawiki/core (Composer) May 13, 2022
Drupal REST API can bypass comment approval High
CVE-2017-6924 was published for drupal/core (Composer) May 13, 2022
TeamPass Improper Privilege Management High
CVE-2017-15055 was published for nilsteampassnet/teampass (Composer) May 13, 2022
TeamPass Improper Privilege Management Moderate
CVE-2017-15052 was published for nilsteampassnet/teampass (Composer) May 13, 2022
TeamPass Improper Privilege Management Moderate
CVE-2017-15053 was published for nilsteampassnet/teampass (Composer) May 13, 2022
phpMyAdmin Improper Privilege Management Critical
CVE-2017-18264 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions Critical
CVE-2017-6925 was published for drupal/core (Composer) May 13, 2022
BuddyPress Docs plugin Improper Privilege Management Moderate
CVE-2017-6954 was published for buddypress/buddypress (Composer) May 13, 2022
Moodle External blog editing takeover Moderate
CVE-2017-7489 was published for moodle/moodle (Composer) May 13, 2022
Moodle Improper Privilege Management Moderate
CVE-2017-7532 was published for moodle/moodle (Composer) May 13, 2022
baserCMS Access Control Bypass Moderate
CVE-2018-0573 was published for baserproject/basercms (Composer) May 13, 2022
Moodle Improper Privilege Management Moderate
CVE-2018-1134 was published for moodle/moodle (Composer) May 13, 2022
Drupal Saving user accounts can sometimes grant the user all roles High
CVE-2016-6211 was published for drupal/core (Composer) May 17, 2022
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit Moderate
CVE-2016-7570 was published for drupal/core (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database