Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,886 advisories

Loading
Moodle vulnerable to XSS via bundled spikephpcoverage library Moderate
CVE-2011-4280 was published for moodle/moodle (Composer) May 13, 2022
Moodle Incorrect Default Settings Moderate
CVE-2011-4285 was published for moodle/moodle (Composer) May 13, 2022
Moodle does not force password changes for autosubscribed users Moderate
CVE-2011-4287 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows remote authenticated users to cause a denial of service (invalid database records) Moderate
CVE-2011-4291 was published for moodle/moodle (Composer) May 13, 2022
Moodle does not recogniz configuration setting that makes e-mail addresses visible only to course members Moderate
CVE-2011-4289 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows remote authenticated users to cause a denial of service (invalid database records) Moderate
CVE-2011-4292 was published for moodle/moodle (Composer) May 13, 2022
Silverstripe CMS XSS Vulnerability Moderate
CVE-2015-8606 was published for silverstripe/cms (Composer) May 13, 2022
Symphony CMS XSS Vulnerabilities Moderate
CVE-2015-8766 was published for symphonycms/symphony-2 (Composer) May 13, 2022
Moodle XSS Vulnerability Moderate
CVE-2019-3808 was published for moodle/moodle (Composer) May 13, 2022
Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script Moderate
CVE-2018-1081 was published for moodle/moodle (Composer) May 13, 2022
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users Moderate
CVE-2018-16704 was published for gleez/cms (Composer) May 13, 2022
Contao Information Disclosure via Access Control Flaws Moderate
CVE-2018-20028 was published for contao/contao (Composer) May 13, 2022
Moodle Secure layout contained an insecure link in Boost theme Moderate
CVE-2019-3851 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle context freezing Moderate
CVE-2019-3852 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131 decsecre583
Credited to MarkLee131 and decsecre583
phpMyAdmin Arbitrary file read vulnerability Moderate
CVE-2019-6799 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
October CMS XSS Moderate
CVE-2017-1000193 was published for october/october (Composer) May 13, 2022
daftspunk
Credited to daftspunk
October CMS - RainLab Blog Plugin XSS Moderate
CVE-2018-7198 was published for rainlab/blog-plugin (Composer) May 13, 2022
daftspunk
Credited to daftspunk
OctoberCMS Cross-Site Scripting Moderate
CVE-2017-15284 was published for october/rain (Composer) May 13, 2022
MAGMI plugin for Magento Server Directory Traversal Moderate
CVE-2015-2067 was published for dweeves/magmi (Composer) May 13, 2022
MAGMI cross-site scripting (XSS) Moderate
CVE-2015-2068 was published for dweeves/magmi (Composer) May 13, 2022
Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests Moderate
CVE-2013-2633 was published for matomo/matomo (Composer) May 13, 2022
Piwik (now Matomo) Vulnerable to Arbitrary Code Execution Moderate
CVE-2011-4941 was published for matomo/matomo (Composer) May 13, 2022
Mediawiki information disclosure vulnerability Moderate
CVE-2018-0504 was published for mediawiki/core (Composer) May 13, 2022
MODX vulnerability allows for XSS via user settings parameters Moderate
CVE-2018-20758 was published for modx/revolution (Composer) May 13, 2022
Mediawiki BotPassword can bypass CentralAuth's account lock Moderate
CVE-2018-0505 was published for mediawiki/core (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database