GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

50 advisories

RaspAP allows an attacker to escalate privileges Critical
CVE-2024-41637 was published for billz/raspap-webgui (Composer) Jul 29, 2024
Privilege Escalation in TYPO3 CMS Moderate
GHSA-v5jp-4h2p-j2p4 was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts High
GHSA-4r76-xr68-w7m7 was published for typo3/cms (Composer) May 30, 2024
TYPO3 Broken Access Control in Localization Handling Moderate
GHSA-9rx9-7fmh-gj3g was published for typo3/cms-core (Composer) May 30, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover High
CVE-2024-34082 was published for getgrav/grav (Composer) May 15, 2024
richighimi
Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs High
CVE-2024-32003 was published for winter/wn-dusk-plugin (Composer) Apr 12, 2024
bennothommo
UVDesk Community Helpdesk Improper Privilege Management High
CVE-2024-3137 was published for uvdesk/core-framework (Composer) Apr 2, 2024
Craft CMS Privilege Escalation Moderate
CVE-2024-21622 was published for craftcms/cms (Composer) Jan 3, 2024
johnax0
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5549 was published for moodle/moodle (Composer) Nov 9, 2023
PrestaShop allows users to uninstall modules from backoffice, even with low rights Moderate
CVE-2023-43663 was published for prestashop/prestashop (Composer) Sep 28, 2023
PrestaShop allows employee without any access rights to list all installed modules Moderate
CVE-2023-43664 was published for prestashop/prestashop (Composer) Sep 28, 2023
Improper Privilege Management in microweber High
CVE-2023-2240 was published for microweber/microweber (Composer) Apr 22, 2023
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management High
CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Company admin role gives excessive privileges in eZ Platform Ibexa High
CVE-2022-48365 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
Dolibarr vulnerable to privilege escalation Critical
CVE-2022-43138 was published for dolibarr/dolibarr (Composer) Nov 17, 2022
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
EC-CUBE Improper access control vulnerability High
CVE-2021-20778 was published for ec-cube/ec-cube (Composer) May 24, 2022
AVideo vulnerable to Improper Privilege Management High
CVE-2020-23489 was published for wwbn/avideo (Composer) May 24, 2022
Dolibarr CRM allows Privilege Escalation Moderate
CVE-2020-14201 was published for dolibarr/dolibarr (Composer) May 24, 2022
Magento business logic error vulnerability Critical
CVE-2020-9630 was published for magento/community-edition (Composer) May 24, 2022
bbPress unauthenticated privilege-escalation Critical
CVE-2020-13693 was published for bbpress/bbpress (Composer) May 24, 2022
CodeIgniter Improper Privilege Management High
CVE-2020-10793 was published for codeigniter4/framework (Composer) May 24, 2022
Centreon Privilege Escalation Critical
CVE-2018-21025 was published for centreon/centreon (Composer) May 24, 2022
Drupal saving user accounts can sometimes grant the user all roles High
CVE-2016-3169 was published for drupal/core (Composer) May 17, 2022