Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,695
Maven
5,000+
npm
4,321
NuGet
761
pip
4,098
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions High
CVE-2025-66301 was published for getgrav/grav (Composer) Dec 2, 2025
nakkouchtarek
Credited to nakkouchtarek
HAX CMS API Lacks Authorization Checks High
CVE-2025-54378 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 25, 2025
lfgberg
Credited to lfgberg
Magento Improper Authorization leading to security feature bypass High
CVE-2025-43585 was published for magento/community-edition (Composer) Jun 10, 2025
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
escopecz patrykgruszka
Credited to escopecz and patrykgruszka
Adobe Commerce Improper Authorization vulnerability High
CVE-2025-24409 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Open Source Improper Authorization vulnerability High
CVE-2024-45132 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-34104 was published for magento/community-edition (Composer) Jun 13, 2024
eZ Publish Legacy Passwordless login for LDAP users High
GHSA-p9mp-vq4v-v5m5 was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Magento Improper Authorization vulnerability High
CVE-2022-34256 was published for magento/community-edition (Composer) Aug 17, 2022
Magento improper authorization vulnerability High
CVE-2021-36029 was published for magento/community-edition (Composer) May 24, 2022
Moodle all messaging conversations could be viewed High
CVE-2019-10154 was published for moodle/moodle (Composer) May 24, 2022
MarkLee131
Credited to MarkLee131
Improper Authorization in librenms High
CVE-2022-0587 was published for librenms/librenms (Composer) Feb 16, 2022
Firewall configured with unanimous strategy was not actually unanimous in Symfony High
CVE-2020-5275 was published for symfony/security (Composer) Mar 30, 2020
ajgarlag chalasr
Credited to ajgarlag and chalasr
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database