GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
131 advisories
Filter by severity
ConcreteCMS Cross-site Scripting vulnerability
Moderate
CVE-2023-44765
was published
for
concrete5/concrete5
(Composer)
Oct 6, 2023
ConcreteCMS Cross-site Scripting vulnerability
Moderate
CVE-2023-44761
was published
for
concrete5/concrete5
(Composer)
Oct 6, 2023
RaspAP Command Injection vulnerability
Critical
CVE-2022-39986
was published
for
billz/raspap-webgui
(Composer)
Aug 1, 2023
RaspAP Command Injection vulnerability
High
CVE-2022-39987
was published
for
billz/raspap-webgui
(Composer)
Aug 1, 2023
Stored cross site scripting on API integration
Moderate
CVE-2023-28477
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Low
CVE-2023-28819
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Reflected cross site scripting
Moderate
CVE-2023-28475
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Critical
CVE-2023-28473
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Concrete CMS missing secure cookie parameters
Moderate
CVE-2023-28472
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
Moderate
CVE-2023-25727
was published
for
phpmyadmin/phpmyadmin
(Composer)
Feb 13, 2023
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
Moderate
CVE-2022-47407
was published
for
fixpunkt/fp-masterquiz
(Composer)
Dec 14, 2022
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
Moderate
CVE-2020-15885
was published
for
munkireport/comment
(Composer)
May 24, 2022
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2020-15883
was published
for
munkireport/managedinstalls
(Composer)
May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
Moodle all messaging conversations could be viewed
High
CVE-2019-10154
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle Open Redirect Vulnerability
Moderate
CVE-2019-10133
was published
for
moodle/moodle
(Composer)
May 24, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
Moodle XML import of ddwtos could lead to intentional remote code execution
High
CVE-2018-14630
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Stored HTML in assignment submission comments allowed links to be opened directly
Moderate
CVE-2019-3850
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle context freezing
Moderate
CVE-2019-3852
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Secure layout contained an insecure link in Boost theme
Moderate
CVE-2019-3851
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Users could elevate their role when accessing the LTI tool on a provider site
High
CVE-2019-3849
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
Low
CVE-2013-1833
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle's login_as feature leaks information from external repositories
Low
CVE-2013-1835
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not consider "don't send" attributes during hub registration
Moderate
CVE-2013-2081
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API