Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,656
Maven
5,000+
npm
4,284
NuGet
760
pip
4,069
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
DOMPDF Information Disclosure Moderate
CVE-2014-5011 was published for dompdf/dompdf (Composer) May 17, 2022
HTML Purifier allows remote attackers to obtain sensitive information Moderate
CVE-2011-3744 was published for ezyang/htmlpurifier (Composer) May 17, 2022
Rudloff
Credited to Rudloff
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
Credited to ravage84
TYPO3 allows remote attackers to obtain the database name via a direct request Moderate
CVE-2012-1607 was published for typo3/cms (Composer) May 17, 2022
Zend Framework XXE Vulnerability Moderate
CVE-2012-5657 was published for zendframework/zendframework1 (Composer) May 17, 2022
Typo3 Information Disclosure Moderate
CVE-2014-3946 was published for typo3/cms (Composer) May 17, 2022
Drupal sensitive information disclosure Moderate
CVE-2016-3170 was published for drupal/core (Composer) May 17, 2022
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component Moderate
CVE-2013-7073 was published for typo3/cms (Composer) May 17, 2022
Drupal Views can allow unauthorized users to see Statistics information Moderate
CVE-2016-6212 was published for drupal/core (Composer) May 17, 2022
phpMyAdmin ReCaptcha bypass Moderate
CVE-2015-6830 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Drupal sensitive information disclosure Moderate
CVE-2016-9449 was published for drupal/core (Composer) May 17, 2022
Moodle Glossary search displays entries without checking user permissions to view them Moderate
CVE-2016-5012 was published for moodle/moodle (Composer) May 17, 2022
phpMyAdmin Local file exposure through symlinks with UploadDir Moderate
CVE-2016-6613 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin Local file exposure Moderate
CVE-2016-6612 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin allows to detect if user is logged in Moderate
CVE-2016-6625 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin path disclosure Moderate
CVE-2016-9853 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Moodle Global search displays user names for unauthenticated users Moderate
CVE-2017-2643 was published for moodle/moodle (Composer) May 17, 2022
Moodle User fullname disclosure on user preferences page Moderate
CVE-2017-2642 was published for moodle/moodle (Composer) May 17, 2022
TYPO3 Sensitive Information Disclosure via escapeStrForLike method Moderate
CVE-2010-5104 was published for typo3/cms-core (Composer) May 17, 2022
phpMyAdmin vulnerable to XML external entity (XXE) injection attack Moderate
CVE-2011-4107 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords Moderate
CVE-2012-5890 was published for sjbr/sr-feuser-register (Composer) May 17, 2022
SimpleSAMLphp Unauthenticated encryption in CBC mode Moderate
CVE-2017-12870 was published for simplesamlphp/simplesamlphp (Composer) May 17, 2022
Fastly Magento2 sensitive information disclosure Moderate
CVE-2017-13761 was published for fastly/magento2 (Composer) May 17, 2022
Moodle sensitive information disclosure Moderate
CVE-2017-12157 was published for moodle/moodle (Composer) May 17, 2022
Laravel Sensitive Data Exposure Moderate
CVE-2017-14775 was published for illuminate/auth (Composer) May 17, 2022
G-Rath
Credited to G-Rath
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database