
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

Moodle cross-site scripting (XSS) vulnerability Moderate
CVE-2014-0218 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
MediaWiki allows a denial of service Moderate
CVE-2021-41800 was published for mediawiki/core (Composer) May 24, 2022
browsershot local file inclusion vulnerability Moderate
CVE-2020-7790 was published for spatie/browsershot (Composer) May 24, 2022
z-song laravel-admin XSS via the Slug or Name on the Roles screen Moderate
CVE-2019-17433 was published for encore/laravel-admin (Composer) May 24, 2022
Craft CMS Cross-site Scripting Vulnerability Moderate
CVE-2020-19626 was published for craftcms/cms (Composer) May 24, 2022
DOMPDF denial of service vulnerability Moderate
CVE-2014-5012 was published for dompdf/dompdf (Composer) May 17, 2022
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
Credited to smaury and mnapoli
Neos CMS vulnerable to XSS in various backend modules Moderate
CVE-2022-30429 was published for neos/neos (Composer) Jun 3, 2022
Zenario CMS vulnerable to CRLF injection Moderate
CVE-2015-3154 was published for zendframework/zend-http (Composer) May 24, 2022
Broken access control on files Moderate
CVE-2019-14273 was published for silverstripe/framework (Composer) Jul 15, 2020
Open Redirection in Login Handling Moderate
CVE-2021-21338 was published for typo3/cms (Composer) Mar 23, 2021
Credited to einpraegsam and derhansen
Cross-Site Scripting in Fluid view helpers Moderate
CVE-2020-26227 was published for typo3/cms (Composer) Dec 21, 2020
Credited to ohader
Cross-Site Scripting in ternary conditional operator Moderate
CVE-2020-15241 was published for typo3/cms (Composer) Oct 8, 2020
Credited to billdagou and NamelessCoder
C5 Firefly III CSV Injection. Moderate
GHSA-29w6-c52g-m8jc was published for grumpydictator/firefly-iii (Composer) Jan 31, 2024
Credited to Ab4y98
View permissions are bypassed for paginated lists of ORM data Moderate
CVE-2023-44401 was published for silverstripe/graphql (Composer) Jan 23, 2024
No permission checks for editing/deleting records with CSV import form Moderate
CVE-2023-49783 was published for silverstripe/admin (Composer) Jan 23, 2024
Credited to GuySartorelli
Moodle cross-site request forgery (CSRF) vulnerability Moderate
CVE-2015-0218 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Moodle External function mod_assign_save_submission does not check due dates Moderate
CVE-2016-2159 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Moodle XSS from profile fields from external db Moderate
CVE-2016-2152 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Moodle allows attackers to discover hidden course names Moderate
CVE-2016-2154 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Moodle allows attackers to obtain sensitive category-detail information Moderate
CVE-2016-2158 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Moodle allows attackers to modify "Exclude grade" settings Moderate
CVE-2016-2155 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Moodle allows attackers to discover student e-mail addresses Moderate
CVE-2016-2151 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Moodle provides calendar-event data without considering whether an activity is hidden Moderate
CVE-2016-2156 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Moodle allows attackers to bypass intended access restrictions Moderate
CVE-2015-5342 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131