GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,869 advisories

Moodle Insecure direct object reference (IDOR) in a calendar web service
Moderate · CVE-2021-43560 was published for moodle/moodle (Composer) · May 24, 2022

Moodle Persistent Cross-site Scripting (XSS)
Moderate · CVE-2019-18210 was published for moodle/moodle (Composer) · May 24, 2022

Moodle may allow authenticated users to enumerate other user's names via learning plans page
Moderate · CVE-2023-28334 was published for moodle/moodle (Composer) · Mar 23, 2023

Moodle reflected Cross-site Scripting (XSS)
Moderate · CVE-2019-14884 was published for moodle/moodle (Composer) · May 24, 2022

Passbolt API allows HTML injection
Moderate · CVE-2024-33670 was published for passbolt/passbolt_api (Composer) · Apr 26, 2024

Contao Core directory traversal vulnerability
Moderate · CVE-2015-0269 was published for contao/core (Composer) · May 17, 2022

Contao Information Disclosure via Access Control Flaws
Moderate · CVE-2018-20028 was published for contao/contao (Composer) · May 13, 2022

DOMPDF Arbitrary File Read
Moderate · CVE-2014-2383 was published for dompdf/dompdf (Composer) · May 14, 2022

PyroCMS Vulnerable to CSRF
Moderate · CVE-2020-25262 was published for pyrocms/pyrocms (Composer) · May 24, 2022

Laravel does not properly constrain the host portion of a password-reset URL
Moderate · CVE-2017-9303 was published for illuminate/auth (Composer) · May 17, 2022

Croogo vulnerable to Cross-site Scripting in title field
Moderate · CVE-2019-7173 was published for croogo/croogo (Composer) · May 14, 2022

Gleez CMS Vulnerable to Cross-site Scripting in media/imagecache/resize
Moderate · CVE-2018-16347 was published for gleez/cms (Composer) · May 14, 2022

Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
Moderate · CVE-2018-16704 was published for gleez/cms (Composer) · May 13, 2022

ViMbAdmin Cross-site Scripting Vulnerabilities
Moderate · CVE-2017-5870 was published for opensolutions/vimbadmin (Composer) · May 17, 2022

Craft CMS Cross-site Scripting (XSS) Vulnerability
Moderate · CVE-2018-20418 was published for craftcms/cms (Composer) · May 14, 2022

Craft CMS subject to URL forgery
Moderate · CVE-2017-8385 was published for craftcms/cms (Composer) · May 17, 2022

OpenCart-Overclocked Cross-site Scripting Vulnerability
Moderate · CVE-2018-1000640 was published for villagedefrance/opencart-overclocked (Composer) · May 14, 2022

ZF-Commons ZfcUser Vulnerable to XSS in Login Redirect
Moderate · CVE-2015-1039 was published for zf-commons/zfc-user (Composer) · May 17, 2022

Codiad Cross-site Scripting Vulnerability
Moderate · CVE-2020-14042 was published for codiad/codiad (Composer) · May 24, 2022

Symfony Open Redirect
Moderate · CVE-2018-19790 was published for symfony/security (Composer) · May 14, 2022

Symfony SSRF Vulnerability via Form Component
Moderate · CVE-2017-16790 was published for symfony/form (Composer) · May 14, 2022

Symfony Vulnerable to PHP Eval Injection
Moderate · CVE-2015-2308 was published for symfony/http-kernel (Composer) · May 17, 2022

Symfony Denial of Service Via Long Password Hashing
Moderate · CVE-2013-5958 was published for symfony/polyfill (Composer) · May 17, 2022

Appwrite Vulnerable to Cross-site Scripting
Moderate · CVE-2022-2925 was published for appwrite/server-ce (Composer) · Sep 10, 2022

Subrion CMS PHP Object Injection
Moderate · CVE-2020-12469 was published for intelliants/subrion (Composer) · May 24, 2022

ProTip! Advisories are also available from the GraphQL API