Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,781 advisories

Loading
phpMyAdmin Cross-site Scripting vulnerability Moderate
CVE-2010-2958 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Moodle does not recogniz configuration setting that makes e-mail addresses visible only to course members Moderate
CVE-2011-4289 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows remote authenticated users to cause a denial of service (invalid database records) Moderate
CVE-2011-4291 was published for moodle/moodle (Composer) May 13, 2022
Moodle does not force password changes for autosubscribed users Moderate
CVE-2011-4287 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows remote attackers to obtain sensitive information from myprofile block by visiting user-context page Moderate
CVE-2011-4284 was published for moodle/moodle (Composer) May 13, 2022
Moodle vulnerable to Cross-Site Request Forgery Moderate
CVE-2011-4281 was published for moodle/moodle (Composer) May 13, 2022
Moodle does not use the forceloginforprofiles setting for course-profiles access control Moderate
CVE-2011-4279 was published for moodle/moodle (Composer) May 13, 2022
Moodle vulnerable to Cross-site Scripting Moderate
CVE-2011-4286 was published for moodle/moodle (Composer) May 13, 2022
Moodle does not properly restrict comment capabilities Moderate
CVE-2011-4297 was published for moodle/moodle (Composer) May 13, 2022
TYPO3 allows remote attackers to obtain the database name via a direct request Moderate
CVE-2012-1607 was published for typo3/cms (Composer) May 17, 2022
TYPO3 allows remote authenticated backend users to unserialize arbitrary objects Moderate
CVE-2012-3527 was published for typo3/cms (Composer) May 17, 2022
Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords Moderate
CVE-2012-5890 was published for sjbr/sr-feuser-register (Composer) May 17, 2022
YUI Cross-site Scripting (XSS) vulnerability Moderate
CVE-2013-4940 was published for moodle/moodle (Composer) May 13, 2022
YUI Cross-site Scripting (XSS) vulnerability Moderate
CVE-2013-4941 was published for moodle/moodle (Composer) May 13, 2022
YUI Cross-site Scripting (XSS) vulnerability Moderate
CVE-2013-4942 was published for moodle/moodle (Composer) May 13, 2022
GeSHi vulnerable to Cross-site Scripting Moderate
CVE-2012-3522 was published for geshi/geshi (Composer) May 17, 2022
TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users Moderate
CVE-2014-6292 was published for in2code/femanager (Composer) May 13, 2022
TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism Moderate
CVE-2014-6288 was published for in2code/powermail (Composer) May 17, 2022
fal_sftp extension for TYPO3 uses weak permissions for sFTP driver files and folders Moderate
CVE-2014-8327 was published for co-stack/fal_sftp (Composer) May 17, 2022
TYPO3 allows remote attackers to embed Flash videos from external domain Moderate
CVE-2015-8760 was published for typo3/cms (Composer) May 17, 2022
TYPO3 CMS indexed search Cross-site Scripting vulnerability Moderate
CVE-2015-8756 was published for typo3/cms (Composer) May 17, 2022
TYPO3 Cross-site Scripting vulnerability Moderate
CVE-2015-8759 was published for typo3/cms (Composer) May 17, 2022
phpMyAdmin vulnerable to Cross-site Scripting Moderate
CVE-2016-5701 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin vulnerable to Cross-site Scripting Moderate
CVE-2016-5705 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin vulnerable to Cross-site Scripting Moderate
CVE-2016-5733 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database