GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,418 advisories
Filter by severity
Moodle IDOR when accessing list of course badges
Moderate
CVE-2024-48899
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison
Moderate
CVE-2024-45691
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle IDOR when deleting OAuth2 linked accounts
Moderate
CVE-2024-45690
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access
Moderate
CVE-2024-45689
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Statamic CMS has a Path Traversal in Asset Upload
Moderate
CVE-2024-52600
was published
for
statamic/cms
(Composer)
Nov 19, 2024
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2021-3991
was published
for
dolibarr/dolibarr
(Composer)
Nov 15, 2024
Redaxo Core CMS Cross Site Scripting (XSS)
Moderate
CVE-2024-50803
was published
for
redaxo/source
(Composer)
Nov 19, 2024
CSRF leading to delete account in wallabag/wallabag
Moderate
CVE-2023-0737
was published
for
wallabag/wallabag
(Composer)
Nov 15, 2024
moodle: Some users can delete audiences of other reports
Moderate
CVE-2024-48898
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Moodle leaks user names
Moderate
CVE-2024-48896
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Mautic has insufficient authentication in upgrade flow
Moderate
CVE-2024-47051
was published
for
mautic/core
(Composer)
Sep 18, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
Moderate
CVE-2024-45592
was published
for
damienharper/auditor-bundle
(Composer)
Sep 10, 2024
Shopware vulnerable to blind SQL-injection in DAL aggregations
Moderate
CVE-2024-42357
was published
for
shopware/core
(Composer)
Aug 8, 2024
openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
CVE-2024-40420
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
Moodle HTTP authorization header is preserved between "emulated redirects"
Moderate
CVE-2024-38275
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Cross-Site Request Forgery in Anchor CMS
Moderate
CVE-2024-29338
was published
for
anchorcms/anchor-cms
(Composer)
Mar 22, 2024
Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting
Moderate
CVE-2024-34460
was published
for
tribalsystems/zenario
(Composer)
May 4, 2024
LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
Moderate
CVE-2024-49758
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Cross site scripting in sylius/sylius
Moderate
CVE-2021-3841
was published
for
sylius/sylius
(Composer)
Nov 15, 2024
Cross-site Scripting (XSS) in Conditions tab of Pricing Rules
Moderate
CVE-2023-2332
was published
for
pimcore/pimcore
(Composer)
Apr 27, 2023
Moodle Cross-site Scripting (XSS)
Moderate
CVE-2024-34000
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle IDOR when accessing list of badge recipients
Moderate
CVE-2024-48900
was published
for
moodle/moodle
(Composer)
Nov 13, 2024
UnoPim Stored XSS : Cookie hijacking through Create User function
Moderate
CVE-2024-52305
was published
for
unopim/unopim
(Composer)
Nov 13, 2024
ProTip!
Advisories are also available from the
GraphQL API