
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

XSS in Adminer Moderate
GHSA-m56g-3g8v-2rxw was published for vrana/adminer (Composer) Feb 11, 2021 withdrawn
Credited to emilwareus
OroCommerce get-totals-for-checkout API endpoint returns unwanted data Moderate
CVE-2023-32065 was published for oro/commerce (Composer) Nov 27, 2023
OroCRMCallBundle has incorrect call view page visibility Moderate
CVE-2023-32063 was published for oro/crm-call-bundle (Composer) Nov 27, 2023
OroCalendarBundle has incorrect system calendar events visibility Moderate
CVE-2023-32062 was published for oro/calendar-bundle (Composer) Nov 27, 2023
Insertion of Sensitive Information into Log Moderate
CVE-2023-48708 was published for codeigniter4/shield (Composer) Nov 23, 2023
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication Moderate
CVE-2023-48707 was published for codeigniter4/shield (Composer) Nov 23, 2023
LibreNMS has Broken Access control on Graphs Feature Moderate
CVE-2023-48294 was published for librenms/librenms (Composer) Nov 17, 2023
Credited to rook1337
LibreNMS vulnerable to rate limiting bypass on login page Moderate
CVE-2023-46745 was published for librenms/librenms (Composer) Nov 17, 2023
Credited to rook1337
Concrete CMS allows unauthorized access because directories can be created with insecure permissions Moderate
CVE-2023-48648 was published for concrete5/concrete5 (Composer) Nov 17, 2023
Moodle Code Injection vulnerability Moderate
CVE-2023-5550 was published for moodle/moodle (Composer) Nov 9, 2023
WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF) Moderate
CVE-2023-23684 was published for wp-graphql/wp-graphql (Composer) Jun 30, 2023
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5549 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability Moderate
CVE-2023-5548 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-5545 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5542 was published for moodle/moodle (Composer) Nov 9, 2023
LibreNMS Cross-site Scripting at Device groups Deletion feature Moderate
CVE-2023-48295 was published for librenms/librenms (Composer) Nov 17, 2023
Credited to rook1337
Concrete CMS Cross-site Scripting vulnerability Moderate
CVE-2023-44760 was published for concrete5/concrete5 (Composer) Oct 24, 2023
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44766 was published for concrete5/concrete5 (Composer) Oct 6, 2023
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes Moderate
CVE-2023-48219 was published for TinyMCE (Composer) Nov 15, 2023
Credited to masatokinugawa
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin Moderate
CVE-2023-45818 was published for TinyMCE (Composer) Oct 19, 2023
Credited to masatokinugawa
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document Moderate
CVE-2023-47636 was published for pimcore/admin-ui-classic-bundle (Composer) Nov 15, 2023
Credited to xcapri
Microweber Cross-site Scripting vulnerability Moderate
CVE-2023-47379 was published for microweber/microweber (Composer) Nov 8, 2023
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory Moderate
GHSA-w98g-5fmx-wm4x was published for pocketmine/raklib (Composer) Nov 15, 2023
Moodle Cross-site Scripting vulnerability Moderate
CVE-2023-5547 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Cross-site Scripting vulnerability Moderate
CVE-2023-5546 was published for moodle/moodle (Composer) Nov 9, 2023