Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration Moderate
CVE-2022-23504 was published for typo3/cms (Composer) Dec 13, 2022
ohader
PrestaShop has potential Information exposure in the upload directory Moderate
CVE-2022-46158 was published for prestashop/prestashop (Composer) Dec 8, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-40695 was published for moodle/moodle (Composer) Sep 30, 2022
Shopware contains sensitive data in backend customer module Moderate
CVE-2022-36101 was published for shopware/shopware (Composer) Sep 16, 2022
Unauthenticated Sensitive Information Disclosure vulnerability Moderate
CVE-2022-34867 was published for libreform/libreform (Composer) Sep 7, 2022
Information Disclosure via Export Module Moderate
CVE-2022-31046 was published for typo3/cms (Composer) Jun 17, 2022
linawolf derhansen
Centreon Sensitive Data Exposure vulnerability Moderate
CVE-2020-10945 was published for centreon/centreon (Composer) May 24, 2022
Froxlor Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2020-10237 was published for froxlor/froxlor (Composer) May 24, 2022
direct_mail for Typo3 sensitive data exposure Moderate
CVE-2019-16698 was published for directmailteam/direct-mail (Composer) May 24, 2022
MediaWiki information disclosure Moderate
CVE-2019-16738 was published for mediawiki/core (Composer) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7929 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7888 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Path Disclosure Moderate
CVE-2019-7852 was published for magento/community-edition (Composer) May 24, 2022
Exposure of Sensitive Information in moodle Moderate
CVE-2022-30598 was published for moodle/moodle (Composer) May 19, 2022
DCE extension for Typo3 Discloses Environment Information Moderate
CVE-2014-8328 was published for t3/dce (Composer) May 17, 2022
DOMPDF Information Disclosure Moderate
CVE-2014-5011 was published for dompdf/dompdf (Composer) May 17, 2022
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
Zend Framework XXE Vulnerability Moderate
CVE-2012-5657 was published for zendframework/zendframework1 (Composer) May 17, 2022
Typo3 Information Disclosure Moderate
CVE-2014-3946 was published for typo3/cms (Composer) May 17, 2022
Drupal sensitive information disclosure Moderate
CVE-2016-3170 was published for drupal/core (Composer) May 17, 2022
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component Moderate
CVE-2013-7073 was published for typo3/cms (Composer) May 17, 2022
Drupal Views can allow unauthorized users to see Statistics information Moderate
CVE-2016-6212 was published for drupal/core (Composer) May 17, 2022
phpMyAdmin ReCaptcha bypass Moderate
CVE-2015-6830 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Drupal sensitive information disclosure Moderate
CVE-2016-9449 was published for drupal/core (Composer) May 17, 2022
Moodle Glossary search displays entries without checking user permissions to view them Moderate
CVE-2016-5012 was published for moodle/moodle (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API