GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Improper Privilege Management in Concrete CMS
High
CVE-2021-22966
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Privilege escalation in easyappointments
High
CVE-2022-1397
was published
for
alextselegidis/easyappointments
(Composer)
May 11, 2022
Dolibarr vulnerable to privilege escalation
Critical
CVE-2022-43138
was published
for
dolibarr/dolibarr
(Composer)
Nov 17, 2022
Privilege escalation by backend users assigned to the default "Publisher" system role
Low
CVE-2020-15248
was published
for
october/backend
(Composer)
Nov 23, 2020
Privilege escalation in the Sulu Admin panel
High
CVE-2021-43835
was published
for
sulu/sulu
(Composer)
Dec 15, 2021
AVideo vulnerable to Improper Privilege Management
High
CVE-2020-23489
was published
for
wwbn/avideo
(Composer)
May 24, 2022
Company admin role gives excessive privileges in eZ Platform Ibexa
High
CVE-2022-48365
was published
for
ezsystems/ezplatform-kernel
(Composer)
Mar 12, 2023
Improper Privilege Management in Open Web Analytics
Critical
CVE-2022-24637
was published
for
open-web-analytics/open-web-analytics
(Composer)
Mar 19, 2022
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
High
CVE-2023-1762
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
baserCMS Access Control Bypass
Moderate
CVE-2018-0573
was published
for
baserproject/basercms
(Composer)
May 13, 2022
Improper Privilege Management in Snipe-IT
Moderate
CVE-2022-0579
was published
for
snipe/snipe-it
(Composer)
Feb 15, 2022
Improper Privilege Management in Snipe-IT
High
CVE-2022-0611
was published
for
snipe/snipe-it
(Composer)
Feb 17, 2022
Byobu user preference to prevent private discussions being started are not respected
Low
CVE-2022-35921
was published
for
fof/byobu
(Composer)
Aug 6, 2022
Dolibarr CRM allows Privilege Escalation
Moderate
CVE-2020-14201
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Privilage Escalation in moodle
High
CVE-2020-25699
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Centreon Privilege Escalation
Critical
CVE-2018-21025
was published
for
centreon/centreon
(Composer)
May 24, 2022
Moodle Improper Privilege Management
Moderate
CVE-2017-7532
was published
for
moodle/moodle
(Composer)
May 13, 2022
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Moderate
CVE-2023-43663
was published
for
prestashop/prestashop
(Composer)
Sep 28, 2023
Improper Privilege Management in microweber
High
CVE-2023-2240
was published
for
microweber/microweber
(Composer)
Apr 22, 2023
PrestaShop allows employee without any access rights to list all installed modules
Moderate
CVE-2023-43664
was published
for
prestashop/prestashop
(Composer)
Sep 28, 2023
Moodle Improper Access Control vulnerability
Moderate
CVE-2023-5549
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Craft CMS Privilege Escalation
Moderate
CVE-2024-21622
was published
for
craftcms/cms
(Composer)
Jan 3, 2024
Magento business logic error vulnerability
Critical
CVE-2020-9630
was published
for
magento/community-edition
(Composer)
May 24, 2022
BaserCMS privilege escallation
Moderate
CVE-2011-2674
was published
for
baserproject/basercms
(Composer)
May 13, 2022
Moodle Users could elevate their role when accessing the LTI tool on a provider site
High
CVE-2019-3849
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API