Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

44 advisories

Loading
Moodle has CSRF risk in Feedback non-respondents report High
CVE-2024-43434 was published for moodle/moodle (Composer) Nov 7, 2024
SQL injection in funadmin High
CVE-2024-48224 was published for funadmin/funadmin (Composer) Oct 25, 2024
Grav File Upload Path Traversal High
CVE-2024-27921 was published for getgrav/grav (Composer) Mar 22, 2024
richighimi
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint High
CVE-2024-42485 was published for pxlrbt/filament-excel (Composer) Aug 12, 2024
RChutchev
Appwrite Directory Traversal vulnerability High
CVE-2022-25377 was published for appwrite/server-ce (Composer) Feb 23, 2024
Zip slip in opencart High
CVE-2024-21518 was published for opencart/opencart (Composer) Jun 22, 2024
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()` High
GHSA-hx3m-959f-v849 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API High
GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) May 30, 2024
Path Traversal within joomla/archive tar class High
CVE-2022-23793 was published for joomla/archive (Composer) Mar 31, 2022
Grav Vulnerable to Arbitrary File Read to Account Takeover High
CVE-2024-34082 was published for getgrav/grav (Composer) May 15, 2024
richighimi
Grav CMS Arbitrary File Deletion High
CVE-2020-29555 was published for getgrav/grav (Composer) May 24, 2022
Contao Core directory traversal vulnerability High
CVE-2017-10993 was published for contao/contao (Composer) May 13, 2022
EC-CUBE Directory traversal vulnerability High
CVE-2020-5590 was published for ec-cube/ec-cube (Composer) May 24, 2022
TeamPass PHP arbitrary file include vulnerability High
CVE-2020-12479 was published for nilsteampassnet/teampass (Composer) May 24, 2022
OpenCart Path Traversal High
CVE-2018-11494 was published for opencart/opencart (Composer) May 14, 2022
ThinkAdmin directory traversal vulnerability High
CVE-2020-25540 was published for zoujingli/thinkadmin (Composer) May 24, 2022
Magento 2 Community Edition Path Traversal Vulnerability High
CVE-2019-7859 was published for magento/community-edition (Composer) May 24, 2022
Smarty Path Traversal Vulnerability High
CVE-2018-13982 was published for smarty/smarty (Composer) May 13, 2022
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle High
CVE-2020-5237 was published for oneup/uploader-bundle (Composer) Feb 18, 2020
Symfony Directory Traversal High
CVE-2017-16654 was published for symfony/intl (Composer) May 14, 2022
Broken Access Control in Form Framework High
CVE-2021-21357 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi waldhacker1
Magento Path Traversal vulnerability High
CVE-2022-34254 was published for magento/community-edition (Composer) Aug 17, 2022
OroPlatform vulnerable to path traversal during temporary file manipulations High
CVE-2022-41951 was published for oro/platform (Composer) Nov 27, 2023
Froxlor vulnerable to Path Traversal High
CVE-2023-3172 was published for froxlor/froxlor (Composer) Jun 9, 2023
ProTip! Advisories are also available from the GraphQL API