Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,870 advisories

Loading
Moodle's feedback response viewing and deletions did not respect Separate Groups mode Moderate
CVE-2025-26526 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block Moderate
CVE-2025-26527 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has a stored XSS in ddimageortext question type Low
CVE-2025-26528 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has a stored XSS risk in admin live log High
CVE-2025-26529 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle allows reflected XSS via question bank filter High
CVE-2025-26530 was published for moodle/moodle (Composer) Feb 24, 2025
Moodle has a SQL injection risk in course search module list filter High
CVE-2025-26533 was published for moodle/moodle (Composer) Feb 24, 2025
AnonySE26
Leantime allows Cross-Site Scripting (XSS) Low
GHSA-f679-254h-qhvj was published for leantime/leantime (Composer) Feb 21, 2025
justWalsdi
Leantime affected by Improper Neutralization of HTML Tags Moderate
CVE-2025-28254 was published for leantime/leantime (Composer) Feb 21, 2025
cyber-brent hugo-guzman
Leantime has Missing Authorization Check for Host Parameter Low
GHSA-3hfj-qcvj-4hx8 was published for leantime/leantime (Composer) Feb 21, 2025
harshilsecurify
Leantime allows Stored Cross-Site Scripting (XSS) High
GHSA-c39w-3pjx-qc7m was published for leantime/leantime (Composer) Feb 21, 2025
mnqazi
Leantime allows Cross-Site Request Forgery (CSRF) Moderate
GHSA-92xh-6x7v-4rmq was published for leantime/leantime (Composer) Feb 21, 2025
dead1nfluence
Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi) High
GHSA-v4q9-437p-mhpg was published for leantime/leantime (Composer) Feb 21, 2025
0xROI
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-63cr-xg3f-8jvr was published for leantime/leantime (Composer) Feb 21, 2025
mufazmi
Leantime allows Refelected Cross-Site Scripting (XSS) Moderate
GHSA-52xf-h226-pfgx was published for leantime/leantime (Composer) Feb 21, 2025
Evildevil499
Leantime has Insufficiently Protected Credentials Moderate
GHSA-h6w8-27ph-c385 was published for leantime/leantime (Composer) Feb 21, 2025
ANIKETishereok s0calledhacker
Leantime allows Stored Cross-Site Scripting (XSS) Moderate
GHSA-mg4c-884j-pcq9 was published for leantime/leantime (Composer) Feb 21, 2025
kirankumar2117
Leantime has Host Header Injection Vulnerability Moderate
GHSA-99r5-84gr-59f6 was published for leantime/leantime (Composer) Feb 21, 2025
anim-29
Remote code execution in alextselegidis/easyappointments Moderate
CVE-2024-57601 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Easy!Appointments Improper Restriction of Excessive Authentication Attempts Critical
CVE-2024-57602 was published for alextselegidis/easyappointments (Composer) Feb 13, 2025
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header Critical
GHSA-c2p2-hgjg-9r3f was published for islandora/crayfish (Composer) Feb 12, 2025
xbow-security
Improper Authorization vulnerability in Magento and Adobe Commerce Critical
CVE-2025-24434 was published for magento/community-edition (Composer) Feb 11, 2025
ihor-sviziev
Magento stored Cross-Site Scripting (XSS) vulnerability High
CVE-2025-24438 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Business Logic Error vulnerability Moderate
CVE-2025-24425 was published for magento/community-edition (Composer) Feb 11, 2025
Magento Improper Access Control vulnerability Moderate
CVE-2025-24427 was published for magento/community-edition (Composer) Feb 11, 2025
Magento stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-24428 was published for magento/community-edition (Composer) Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database