GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
78 advisories
Filter by severity
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
High
CVE-2024-56329
was published
for
joelbutcher/socialstream
(Composer)
Dec 20, 2024
Withdrawn Advisory: Symfony http-security has authentication bypass
Moderate
CVE-2024-36611
was published
for
symfony/security-http
(Composer)
Nov 29, 2024
•
withdrawn
Symfony has an Authentication Bypass via RememberMe
High
CVE-2024-51996
was published
for
symfony/security-http
(Composer)
Nov 13, 2024
Symfony's `Security::login` does not take into account custom `user_checker`
Low
CVE-2024-50341
was published
for
symfony/security-bundle
(Composer)
Nov 6, 2024
Mautic vulnerable to Improper Access Control in UI upgrade process
High
CVE-2022-25768
was published
for
mautic/core
(Composer)
Sep 18, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use
Moderate
CVE-2024-41800
was published
for
craftcms/cms
(Composer)
Jul 25, 2024
Firefly III has a MFA bypass in oauth flow
Moderate
CVE-2024-37893
was published
for
grumpydictator/firefly-iii
(Composer)
Jun 17, 2024
Magento Open Source Improper Authentication vulnerability
Critical
CVE-2024-34103
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
ZendOpenID potential security issue in login mechanism
High
GHSA-3x57-m5p4-rgh4
was published
for
zendframework/zendopenid
(Composer)
Jun 7, 2024
Zendframework potential security issue in login mechanism
High
GHSA-9v78-h226-2rmq
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-c5mj-39cf-3pp5
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Improper Authentication in CraftCMS two factor authentication plugin
Moderate
CVE-2024-5658
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Authentication Bypass in TYPO3 CMS
Moderate
GHSA-6xh8-8pfv-53vx
was published
for
typo3/cms
(Composer)
Jun 5, 2024
TYPO3 Security Misconfiguration for Backend User Accounts
High
GHSA-rxc9-f2x6-qh4w
was published
for
typo3/cms-core
(Composer)
May 30, 2024
TYPO3 CMS Authentication Bypass vulnerability
High
GHSA-x4rj-f7m6-42c3
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Thelia authentication bypass vulnerability
High
GHSA-g8pg-33v4-9r96
was published
for
thelia/thelia
(Composer)
May 30, 2024
Symfony may allow a user to switch to using another user's identity
Moderate
GHSA-7mx2-7q8p-pgmw
was published
for
symfony/symfony
(Composer)
May 30, 2024
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Moderate
GHSA-p5h2-vr99-xm99
was published
for
silverstripe/framework
(Composer)
May 27, 2024
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
High
GHSA-9phw-7h96-q3rv
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
High
GHSA-h6mp-mc7g-mg49
was published
for
scheb/two-factor-bundle
(Composer)
May 21, 2024
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Moderate
CVE-2023-50714
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
TYPO3 vulnerable to Weak Authentication in Session Handling
Moderate
CVE-2023-47127
was published
for
typo3/cms-core
(Composer)
Nov 14, 2023
pimcore/admin-ui-classic-bundle Unverified Password Change
Moderate
CVE-2023-5844
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Oct 31, 2023
TYPO3 extension femanager Broken Access Control vulnerability
Moderate
CVE-2023-45023
was published
for
in2code/femanager
(Composer)
Oct 4, 2023
ProTip!
Advisories are also available from the
GraphQL API