GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
278 advisories
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
Moderate
CVE-2023-25727
was published
for
phpmyadmin/phpmyadmin
(Composer)
Feb 13, 2023
Django contains Uncontrolled Resource Consumption via cached header
High
CVE-2023-23969
was published
for
django
(pip)
Feb 1, 2023
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
Moderate
CVE-2022-47407
was published
for
fixpunkt/fp-masterquiz
(Composer)
Dec 14, 2022
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2022-43183
was published
for
com.xuxueli:xxl-job-core
(Maven)
Nov 17, 2022
Improper Privilege Management in com.xuxueli:xxl-job
High
CVE-2022-36157
was published
for
com.xuxueli:xxl-job
(Maven)
Aug 20, 2022
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2020-15883
was published
for
munkireport/managedinstalls
(Composer)
May 24, 2022
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
Moderate
CVE-2020-15885
was published
for
munkireport/comment
(Composer)
May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
Moodle all messaging conversations could be viewed
High
CVE-2019-10154
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle Open Redirect Vulnerability
Moderate
CVE-2019-10133
was published
for
moodle/moodle
(Composer)
May 24, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
Moderate
CVE-2011-1498
was published
for
org.apache.httpcomponents:httpclient
(Maven)
May 17, 2022
XML Entity Expansion (XEE) in Django
Moderate
CVE-2013-1664
was published
for
Django
(pip)
May 17, 2022
XML External Entity (XXE) in Django
Moderate
CVE-2013-1665
was published
for
Django
(pip)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in JavaMelody
Moderate
CVE-2013-4378
was published
for
net.bull.javamelody:javamelody-core
(Maven)
May 17, 2022
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
High
CVE-2013-1777
was published
for
org.apache.geronimo.framework:geronimo-jmx-remoting
(Maven)
May 17, 2022
XML Injection in Apache Solr
Moderate
CVE-2013-6408
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Apache Solr UpdateRequestHandler for XML resolves XML External Entities
Moderate
CVE-2013-6407
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
Moderate
CVE-2013-6397
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Low
CVE-2013-5679
was published
for
org.owasp.esapi:esapi
(Maven)
May 17, 2022
Cross-site Scripting in Apache ActiveMQ
Moderate
CVE-2012-6092
was published
for
org.apache.activemq:activemq-core
(Maven)
May 17, 2022
Django Access Restrictions Bypass
Moderate
CVE-2016-2048
was published
for
django
(pip)
May 17, 2022
Django allows user sessions hijacking via an empty string in the session key
Moderate
CVE-2015-3982
was published
for
Django
(pip)
May 17, 2022
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
High
CVE-2013-4221
was published
for
org.restlet.jse:org.restlet
(Maven)
May 17, 2022
Django database denial-of-service with ModelMultipleChoiceField
Moderate
CVE-2015-0222
was published
for
Django
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API