Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

82 advisories

Loading
Froxlor customer can create MySQL databases on disallowed servers via Mysqls.add API Moderate
GHSA-q4rm-m6xh-5pv7 was published for froxlor/froxlor (Composer) Jul 2, 2026
offset Credited to offset
Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap High
CVE-2026-50279 was published for craftcms/cms (Composer) Jul 2, 2026
larlarua Credited to larlarua
Snipe-IT has Improper Authorization in File Deletion (IDOR) Low
CVE-2026-55519 was published for snipe/snipe-it (Composer) Jun 23, 2026
windbreaker555 Credited to windbreaker555
Shopper: Authorization bypass and RBAC privilege escalation in team settings Critical
CVE-2026-47744 was published for shopper/framework (Composer) Jun 5, 2026
baradika Credited to baradika
shopper/framework: Authorization bypass in multiple Livewire admin components High
CVE-2026-47740 was published for shopper/framework (Composer) May 18, 2026
baradika Credited to baradika
SnailSploit Credited to SnailSploit
Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic High
CVE-2026-42609 was published for getgrav/grav (Composer) May 5, 2026
AnhNg1410 Credited to AnhNg1410
nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields Moderate
CVE-2026-42202 was published for almirhodzic/nova-toggle-5 (Composer) Apr 24, 2026
RobertoNegro Credited to RobertoNegro
CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files Moderate
CVE-2026-39389 was published for ci4-cms-erp/ci4ms (Composer) Apr 8, 2026
offset Credited to offset
AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter Moderate
CVE-2026-34738 was published for wwbn/avideo (Composer) Apr 1, 2026
adrgs Credited to adrgs and aisafe-bot aisafe-bot aisafe-bot
baserCMS has Mail Form Acceptance Bypass via Public API Moderate
CVE-2026-30878 was published for baserproject/basercms (Composer) Mar 31, 2026
melonattacker Credited to melonattacker
Craft CMS has an authorization bypass which allows any control panel user to move entries without permissions Moderate
CVE-2026-33162 was published for craftcms/cms (Composer) Mar 24, 2026
GCXWLP Credited to GCXWLP
Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information High
CVE-2026-32300 was published for opensource-workshop/connect-cms (Composer) Mar 23, 2026
odgrso Credited to odgrso
Kimai's API invoice endpoint missing customer-level access control (IDOR) Moderate
CVE-2026-28685 was published for kimai/kimai (Composer) Mar 4, 2026
CE2Sec Credited to CE2Sec
phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing) Moderate
CVE-2026-24421 was published for phpmyfaq/phpmyfaq (Composer) Jan 23, 2026
Brahim-Fouad Credited to Brahim-Fouad
nakkouchtarek Credited to nakkouchtarek
MantisBT unauthorized disclosure of private project column configuration Moderate
CVE-2025-62520 was published for mantisbt/mantisbt (Composer) Nov 3, 2025
jrckmcsb Credited to jrckmcsb, atrol, and dregad atrol atrol
dregad dregad
Moodle has a time restriction bypass Moderate
CVE-2025-62401 was published for moodle/moodle (Composer) Oct 23, 2025
HAX CMS API Lacks Authorization Checks High
CVE-2025-54378 was published for @haxtheweb/haxcms-nodejs (Composer) Jul 25, 2025
lfgberg Credited to lfgberg
Magento Improper Authorization leading to security feature bypass High
CVE-2025-43585 was published for magento/community-edition (Composer) Jun 10, 2025
Magento Improper Authorization vulnerability Moderate
CVE-2025-27188 was published for magento/community-edition (Composer) Apr 8, 2025
TastyIgniter Has an Incorrect Access Control Vulnerability Moderate
CVE-2024-44314 was published for tastyigniter/tastyigniter (Composer) Mar 18, 2025
Mautic allows Improper Authorization in Reporting API High
CVE-2024-47053 was published for mautic/core (Composer) Feb 26, 2025
escopecz Credited to escopecz and patrykgruszka patrykgruszka patrykgruszka
Improper Authorization vulnerability in Magento and Adobe Commerce Critical
CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ihor-sviziev Credited to ihor-sviziev
Adobe Commerce Improper Authorization vulnerability High
CVE-2025-24409 was published for magento/community-edition (Composer) Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API