Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,781 advisories

Loading
Moodle vulnerable to Cross-Site Request Forgery Moderate
CVE-2011-4281 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows remote attackers to obtain sensitive information from myprofile block by visiting user-context page Moderate
CVE-2011-4284 was published for moodle/moodle (Composer) May 13, 2022
Moodle does not force password changes for autosubscribed users Moderate
CVE-2011-4287 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows remote authenticated users to cause a denial of service (invalid database records) Moderate
CVE-2011-4291 was published for moodle/moodle (Composer) May 13, 2022
Moodle does not recogniz configuration setting that makes e-mail addresses visible only to course members Moderate
CVE-2011-4289 was published for moodle/moodle (Composer) May 13, 2022
phpMyAdmin Cross-site Scripting vulnerability Moderate
CVE-2010-2958 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Moodle allows remote attackers to obtain sensitive information Moderate
CVE-2011-4283 was published for moodle/moodle (Composer) May 13, 2022
Moodle vulnerable to Cross-Site Request Forgery Moderate
CVE-2011-4133 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows remote authenticated users to cause a denial of service (invalid database records) Moderate
CVE-2011-4292 was published for moodle/moodle (Composer) May 13, 2022
Moodle vulnerable to Cross-Site Request Forgery Moderate
CVE-2011-4298 was published for moodle/moodle (Composer) May 13, 2022
TYPO3 Path Traversal vulnerability Moderate
CVE-2010-5099 was published for typo3/cms (Composer) May 17, 2022
TYPO3 SQL Injection vulnerability Moderate
CVE-2010-5103 was published for typo3/cms (Composer) May 17, 2022
TYPO3 Directory Traversal vulnerability Moderate
CVE-2010-5101 was published for typo3/cms (Composer) May 17, 2022
Joomla! vulnerable to Cross-site Scripting Moderate
CVE-2011-2509 was published for joomla/joomla-cms (Composer) May 14, 2022
phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file Moderate
CVE-2011-0986 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Joomla! vulnerable to Cross-site Scripting Moderate
CVE-2010-1649 was published for joomla/joomla-cms (Composer) May 14, 2022
Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests Moderate
CVE-2013-2633 was published for matomo/matomo (Composer) May 13, 2022
Piwik (now Matomo) Vulnerable to Arbitrary Code Execution Moderate
CVE-2011-4941 was published for matomo/matomo (Composer) May 13, 2022
Concrete5 Vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2012-5181 was published for concrete5/concrete5 (Composer) May 17, 2022
Moodle Session Fixation vulnerability Moderate
CVE-2010-1613 was published for moodle/moodle (Composer) May 13, 2022
Formie has XSS vulnerability for email notification content for preview Moderate
CVE-2025-32426 was published for verbb/formie (Composer) Apr 11, 2025
Formie has XSS vulnerability for importing forms Moderate
CVE-2025-32427 was published for verbb/formie (Composer) Apr 11, 2025
Yii does not prevent XSS in scenarios where fallback error renderer is used Moderate
CVE-2025-32027 was published for yiisoft/yii (Composer) Apr 11, 2025
lgrewe
Silverstripe Framework has a XSS vulnerability in HTML editor Moderate
CVE-2025-30148 was published for silverstripe/framework (Composer) Apr 10, 2025
Silverstripe cross-site scripting (XSS) attack in elemental "Content blocks in use" report Moderate
CVE-2025-25197 was published for dnadesign/silverstripe-elemental (Composer) Apr 10, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database