GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,249 advisories
Filter by severity
MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability
Moderate
CVE-2024-34500
was published
for
samwilson/unlinked-wikibase
(Composer)
May 5, 2024
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Moderate
CVE-2023-36238
was published
for
bagisto/bagisto
(Composer)
Mar 13, 2024
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Moderate
CVE-2024-52806
was published
for
simplesamlphp/saml2
(Composer)
Dec 2, 2024
SimpleSAMLphp xml-common XXE vulnerability
High
CVE-2024-52596
was published
for
simplesamlphp/xml-common
(Composer)
Dec 2, 2024
Moodle uses the same key for QR login and auto-login
Moderate
CVE-2024-38277
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
SimpleSAMLphp vulnerable to XXE in parsing SAML messages
High
GHSA-j5g2-q29x-cw3h
was published
for
simplesamlphp/simplesamlphp
(Composer)
Dec 2, 2024
•
withdrawn
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization
High
CVE-2024-36610
was published
for
symfony/var-dumper
(Composer)
Nov 29, 2024
•
withdrawn
Withdrawn Advisory: Symfony http-security has authentication bypass
Moderate
CVE-2024-36611
was published
for
symfony/security-http
(Composer)
Nov 29, 2024
•
withdrawn
Information Disclosure in Password Reset
Low
CVE-2020-11063
was published
for
typo3/cms
(Composer)
May 13, 2020
ibexa/post-install affected by Breach with Varnish VCL
Moderate
GHSA-4h8f-c635-25p7
was published
for
ibexa/post-install
(Composer)
Dec 2, 2024
ibexa/http-cache affected by Breach with Varnish VCL
Moderate
GHSA-fh7v-q458-7vmw
was published
for
ibexa/http-cache
(Composer)
Dec 2, 2024
ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL
Moderate
GHSA-mgfg-7533-7jf6
was published
for
ezsystems/ezplatform-http-cache
(Composer)
Dec 2, 2024
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Moderate
CVE-2024-53864
was published
for
ibexa/admin-ui
(Composer)
Dec 2, 2024
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
High
CVE-2024-53860
was published
for
spencer14420/sp-php-email-handler
(Composer)
Nov 27, 2024
Moodle IDOR when deleting OAuth2 linked accounts
Moderate
CVE-2024-45690
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
TCPDF Local File Inclusion vulnerability
Moderate
CVE-2024-51058
was published
for
tecnickcom/tcpdf
(Composer)
Nov 26, 2024
Moodle IDOR when accessing list of course badges
Moderate
CVE-2024-48899
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison
Moderate
CVE-2024-45691
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access
Moderate
CVE-2024-45689
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Statamic CMS has a Path Traversal in Asset Upload
Moderate
CVE-2024-52600
was published
for
statamic/cms
(Composer)
Nov 19, 2024
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2021-3991
was published
for
dolibarr/dolibarr
(Composer)
Nov 15, 2024
Redaxo Core CMS Cross Site Scripting (XSS)
Moderate
CVE-2024-50803
was published
for
redaxo/source
(Composer)
Nov 19, 2024
CSRF leading to delete account in wallabag/wallabag
Moderate
CVE-2023-0737
was published
for
wallabag/wallabag
(Composer)
Nov 15, 2024
ProTip!
Advisories are also available from the
GraphQL API