GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Privilege escalation by backend users assigned to the default "Publisher" system role
Low
CVE-2020-15248
was published
for
october/backend
(Composer)
Nov 23, 2020
Privilage Escalation in moodle
High
CVE-2020-25699
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Privilege escalation via form generator
High
CVE-2021-37627
was published
for
contao/contao
(Composer)
Aug 23, 2021
Improper Privilege Management in Concrete CMS
High
CVE-2021-22966
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Privilege escalation in the Sulu Admin panel
High
CVE-2021-43835
was published
for
sulu/sulu
(Composer)
Dec 15, 2021
Improper Privilege Management in Snipe-IT
Moderate
CVE-2022-0579
was published
for
snipe/snipe-it
(Composer)
Feb 15, 2022
Improper Privilege Management in Snipe-IT
High
CVE-2022-0611
was published
for
snipe/snipe-it
(Composer)
Feb 17, 2022
Improper Privilege Management in Open Web Analytics
Critical
CVE-2022-24637
was published
for
open-web-analytics/open-web-analytics
(Composer)
Mar 19, 2022
Privilege escalation in easyappointments
High
CVE-2022-1397
was published
for
alextselegidis/easyappointments
(Composer)
May 11, 2022
BaserCMS privilege escallation
Moderate
CVE-2011-2674
was published
for
baserproject/basercms
(Composer)
May 13, 2022
Moodle Users could elevate their role when accessing the LTI tool on a provider site
High
CVE-2019-3849
was published
for
moodle/moodle
(Composer)
May 13, 2022
Mediawiki Improper Privilege Management
Moderate
CVE-2018-0503
was published
for
mediawiki/core
(Composer)
May 13, 2022
Drupal REST API can bypass comment approval
High
CVE-2017-6924
was published
for
drupal/core
(Composer)
May 13, 2022
TeamPass Improper Privilege Management
High
CVE-2017-15055
was published
for
nilsteampassnet/teampass
(Composer)
May 13, 2022
TeamPass Improper Privilege Management
Moderate
CVE-2017-15052
was published
for
nilsteampassnet/teampass
(Composer)
May 13, 2022
TeamPass Improper Privilege Management
Moderate
CVE-2017-15053
was published
for
nilsteampassnet/teampass
(Composer)
May 13, 2022
phpMyAdmin Improper Privilege Management
Critical
CVE-2017-18264
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 13, 2022
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Critical
CVE-2017-6925
was published
for
drupal/core
(Composer)
May 13, 2022
BuddyPress Docs plugin Improper Privilege Management
Moderate
CVE-2017-6954
was published
for
buddypress/buddypress
(Composer)
May 13, 2022
Moodle External blog editing takeover
Moderate
CVE-2017-7489
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Improper Privilege Management
Moderate
CVE-2017-7532
was published
for
moodle/moodle
(Composer)
May 13, 2022
baserCMS Access Control Bypass
Moderate
CVE-2018-0573
was published
for
baserproject/basercms
(Composer)
May 13, 2022
Moodle Improper Privilege Management
Moderate
CVE-2018-1134
was published
for
moodle/moodle
(Composer)
May 13, 2022
Drupal Saving user accounts can sometimes grant the user all roles
High
CVE-2016-6211
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
Moderate
CVE-2016-7570
was published
for
drupal/core
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API