Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,872
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,951
npm
3,481
NuGet
605
pip
3,047
Pub
10
RubyGems
832
Rust
777
Swift
34
Unreviewed advisories
All unreviewed
5,000+

131 advisories

ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44765 was published for concrete5/concrete5 (Composer) Oct 6, 2023
MarkLee131
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44761 was published for concrete5/concrete5 (Composer) Oct 6, 2023
MarkLee131
RaspAP Command Injection vulnerability Critical
CVE-2022-39986 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
RaspAP Command Injection vulnerability High
CVE-2022-39987 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
Stored cross site scripting on API integration Moderate
CVE-2023-28477 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names Low
CVE-2023-28819 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section Critical
CVE-2023-28473 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Reflected cross site scripting Moderate
CVE-2023-28475 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin Moderate
CVE-2023-25727 was published for phpmyadmin/phpmyadmin (Composer) Feb 13, 2023
MarkLee131
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz) Moderate
CVE-2022-47407 was published for fixpunkt/fp-masterquiz (Composer) Dec 14, 2022
MarkLee131
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2020-15883 was published for munkireport/managedinstalls (Composer) May 24, 2022
MarkLee131
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment Moderate
CVE-2020-15885 was published for munkireport/comment (Composer) May 24, 2022
MarkLee131
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Moodle all messaging conversations could be viewed High
CVE-2019-10154 was published for moodle/moodle (Composer) May 24, 2022
MarkLee131
Moodle Open Redirect Vulnerability Moderate
CVE-2019-10133 was published for moodle/moodle (Composer) May 24, 2022
MarkLee131
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
MarkLee131
Moodle XML import of ddwtos could lead to intentional remote code execution High
CVE-2018-14630 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Stored HTML in assignment submission comments allowed links to be opened directly Moderate
CVE-2019-3850 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle context freezing Moderate
CVE-2019-3852 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Secure layout contained an insecure link in Boost theme Moderate
CVE-2019-3851 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Users could elevate their role when accessing the LTI tool on a provider site High
CVE-2019-3849 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module Low
CVE-2013-1833 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not consider "don't send" attributes during hub registration Moderate
CVE-2013-2081 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class Moderate
CVE-2013-2083 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API