Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

Loading
Moodle's IDOR in badges allows deletion of arbitrary badges Moderate
CVE-2024-43431 was published for moodle/moodle (Composer) Nov 7, 2024
TYPO3 Information Disclosure in Backend User Interface Moderate
GHSA-rv8r-8mh5-5376 was published for typo3/cms-core (Composer) May 30, 2024
SimpleSAMLphp Information Disclosure vulnerability Moderate
GHSA-ppm4-r2vc-pg74 was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
silverstripe/framework missing ACL on reports Moderate
GHSA-52cx-hpc5-cxwc was published for silverstripe/framework (Composer) May 27, 2024
MediaWiki information disclosure Moderate
CVE-2019-16738 was published for mediawiki/core (Composer) May 24, 2022
Moodle Email media URL tokens were not checking for user status Moderate
CVE-2019-14883 was published for moodle/moodle (Composer) May 24, 2022
EC-CUBE improperly handles HTTP Host header values Moderate
CVE-2022-25355 was published for ec-cube/ec-cube (Composer) Feb 25, 2022
Moodle Ability to delete glossary entries that belong to another glossary Moderate
CVE-2019-10187 was published for moodle/moodle (Composer) May 24, 2022
Moodle No groups filtering in H5P activity attempts report Moderate
CVE-2022-40316 was published for moodle/moodle (Composer) Oct 1, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32477 was published for moodle/moodle (Composer) Mar 12, 2022
Missing permission check in Moodle Moderate
CVE-2021-20283 was published for moodle/moodle (Composer) May 24, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32472 was published for moodle/moodle (Composer) Mar 12, 2022
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags Moderate
CVE-2024-24822 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2024
v32y142y
Ability to switch customer email address on account detail page and stay verified Moderate
CVE-2020-15245 was published for sylius/sylius (Composer) Oct 19, 2020
decemvre
Missing Authorization in Drupal Moderate
CVE-2017-6923 was published for drupal/core (Composer) Oct 10, 2019
Missing permission check of canView in GridFieldPrintButton Moderate
CVE-2023-22728 was published for silverstripe/framework (Composer) Apr 26, 2023
Dolibarr Improper Input Validation vulnerability Moderate
CVE-2023-4198 was published for dolibarr/dolibarr (Composer) Nov 1, 2023
Exposure of Sensitive Information to an Unauthorized Actor in librenms Moderate
CVE-2022-0588 was published for librenms/librenms (Composer) Feb 16, 2022
Improper Privilege Management in Snipe-IT Moderate
CVE-2022-0579 was published for snipe/snipe-it (Composer) Feb 15, 2022
Improper Access Control in snipe-it Moderate
CVE-2022-0178 was published for snipe/snipe-it (Composer) Jan 26, 2022
PrestaShop has potential Information exposure in the upload directory Moderate
CVE-2022-46158 was published for prestashop/prestashop (Composer) Dec 8, 2022
Improper Access Control in snipe/snipe-it Moderate
CVE-2022-1511 was published for snipe/snipe-it (Composer) Apr 29, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
Missing Authorization in Crater Invoice Moderate
CVE-2022-0203 was published for bytefury/crater (Composer) Jan 27, 2022
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22107 was published for bottelet/flarepoint (Composer) Jan 8, 2022
ProTip! Advisories are also available from the GraphQL API