GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24 advisories

Internal exception message exposure for login action in Sylius Low
CVE-2019-16768 was published for sylius/sylius (Composer) Dec 5, 2019
Exceptions displayed in non-debug configurations in Symfony Moderate
CVE-2020-5274 was published for symfony/error-handler (Composer) Mar 30, 2020
yceruto jderusse
LukaSikic
Reset Password / Login vulnerability in Sulu Moderate
CVE-2020-15132 was published for sulu/sulu (Composer) Aug 5, 2020
Synacktiv-contrib TomKeur
Prokyonn
Information leakage in Error Handler Moderate
GHSA-9vxv-wpv4-f52p was published for shopware/shopware (Composer) May 21, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32712 was published for shopware/shopware (Composer) Sep 8, 2021
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2022-0079 was published for showdoc/showdoc (Composer) Jan 6, 2022
User enumeration in livehelperchat Moderate
CVE-2022-0083 was published for remdex/livehelperchat (Composer) Jan 21, 2022
Generation of Error Message Containing Sensitive Information in microweber Moderate
CVE-2022-0504 was published for microweber/microweber (Composer) Feb 9, 2022
Generation of Error Message Containing Sensitive Information in Snipe-IT Moderate
CVE-2022-0622 was published for snipe/snipe-it (Composer) Feb 18, 2022
Generation of Error Message Containing Sensitive Information in microweber High
CVE-2022-0660 was published for microweber/microweber (Composer) Feb 19, 2022
Path Disclosure within joomla/filesystem class Moderate
CVE-2022-23794 was published for joomla/filesystem (Composer) Mar 31, 2022
Shopware database password is leaked to an unauthenticated users High
CVE-2020-13997 was published for shopware/core (Composer) May 24, 2022
mitelg
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
FrameworkUserBundle Generates Error Message Containing Sensitive Information High
CVE-2015-10012 was published for sumocoders/framework-user-bundle (Composer) Jan 3, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase High
CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023
MHC03 christianmeller
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment High
CVE-2023-46240 was published for codeigniter4/framework (Composer) Oct 30, 2023
psuet
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document Moderate
CVE-2023-47636 was published for pimcore/admin-ui-classic-bundle (Composer) Nov 15, 2023
xcapri
Passbolt Api Retrieval of HTTP-only cookies Low
GHSA-f5pp-pmq8-gp46 was published for passbolt/passbolt_api (Composer) May 20, 2024
silverstripe/framework may disclose database credentials during connection failure Moderate
GHSA-m2hh-2m46-x6j5 was published for silverstripe/framework (Composer) May 28, 2024
Drupal Full Path Disclosure Moderate
CVE-2024-45440 was published for drupal/core (Composer) Aug 29, 2024
cmlara longwave
Moodle leaks user names Moderate
CVE-2024-48896 was published for moodle/moodle (Composer) Nov 18, 2024
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available High
CVE-2024-54141 was published for thorsten/phpmyfaq (Composer) Dec 6, 2024
geo-chen