GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
177 advisories
Cross-site Scripting in OpenCRX
Moderate
CVE-2023-40813
was published
for
org.opencrx:opencrx-core-models
(Maven)
Nov 18, 2023
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2023-45884
was published
for
openmct
(npm)
Nov 9, 2023
NASA Open MCT Cross Site Scripting vulnerability
Moderate
CVE-2023-45885
was published
for
openmct
(npm)
Nov 9, 2023
Mattermost vulnerable to excessive memory consumption
Moderate
CVE-2023-5969
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
Mattermost password hash disclosure vulnerability
Moderate
CVE-2023-5968
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
ConcreteCMS Cross-site Scripting vulnerability
Moderate
CVE-2023-44765
was published
for
concrete5/concrete5
(Composer)
Oct 6, 2023
ConcreteCMS Cross-site Scripting vulnerability
Moderate
CVE-2023-44761
was published
for
concrete5/concrete5
(Composer)
Oct 6, 2023
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Moderate
CVE-2023-34234
was published
for
@openzeppelin/contracts
(npm)
Jun 8, 2023
n8n Directory Traversal vulnerability
Moderate
CVE-2023-27562
was published
for
n8n
(npm)
May 10, 2023
Stored cross site scripting on API integration
Moderate
CVE-2023-28477
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Concrete CMS missing secure cookie parameters
Moderate
CVE-2023-28472
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Reflected cross site scripting
Moderate
CVE-2023-28475
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Moderate
CVE-2023-30541
was published
for
@openzeppelin/contracts
(npm)
Apr 17, 2023
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
Moderate
CVE-2023-25727
was published
for
phpmyadmin/phpmyadmin
(Composer)
Feb 13, 2023
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
Moderate
CVE-2022-47407
was published
for
fixpunkt/fp-masterquiz
(Composer)
Dec 14, 2022
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2020-15883
was published
for
munkireport/managedinstalls
(Composer)
May 24, 2022
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
Moderate
CVE-2020-15885
was published
for
munkireport/comment
(Composer)
May 24, 2022
Moodle Open Redirect Vulnerability
Moderate
CVE-2019-10133
was published
for
moodle/moodle
(Composer)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
Moderate
CVE-2011-1498
was published
for
org.apache.httpcomponents:httpclient
(Maven)
May 17, 2022
XML Entity Expansion (XEE) in Django
Moderate
CVE-2013-1664
was published
for
Django
(pip)
May 17, 2022
XML External Entity (XXE) in Django
Moderate
CVE-2013-1665
was published
for
Django
(pip)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in JavaMelody
Moderate
CVE-2013-4378
was published
for
net.bull.javamelody:javamelody-core
(Maven)
May 17, 2022
XML Injection in Apache Solr
Moderate
CVE-2013-6408
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Apache Solr UpdateRequestHandler for XML resolves XML External Entities
Moderate
CVE-2013-6407
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
Moderate
CVE-2013-6397
was published
for
org.apache.solr:solr-core
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API