GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20,704 advisories
Filter by severity
Moodle admin presets export tool includes some secrets that should not be exported
Low
CVE-2024-43427
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle has user information visibility control issues in gradebook reports
Low
CVE-2024-43429
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle has insufficient access control
Low
CVE-2024-43430
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle authorization headers preserved between "emulated redirects"
Low
CVE-2024-43432
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle's user/power level management inconsistent with suspended users
Low
CVE-2024-43433
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Moodle has insufficient capability checks
Low
CVE-2024-43435
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
wasm3 uncontrolled memory allocation vulnerability
Moderate
CVE-2024-27529
was published
for
github.com/shareup/wasm-interpreter-apple
(pip)
Nov 9, 2024
Git credentials are exposed in Atlantis logs
High
CVE-2024-52009
was published
for
github.com/runatlantis/atlantis
(Go)
Nov 8, 2024
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
High
CVE-2024-52007
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
(Maven)
Nov 8, 2024
sp1 has insufficient observation of cumulative sum
Low
GHSA-8m24-3cfx-9fjw
was published
for
sp1-recursion-circuit
(Rust)
Nov 8, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Low
CVE-2024-50378
was published
for
apache-airflow
(pip)
Nov 8, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn
High
CVE-2024-21538
was published
for
cross-spawn
(npm)
Nov 8, 2024
changedetection.io path traversal using file URI scheme without supplying hostname
High
CVE-2024-51998
was published
for
changedetection.io
(pip)
Nov 7, 2024
HTTP Client uses incorrect token after refresh
Moderate
CVE-2024-51987
was published
for
Duende.AccessTokenManagement.OpenIdConnect
(NuGet)
Nov 7, 2024
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
High
CVE-2024-47072
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 7, 2024
Hashicorp Nomad Incorrect Authorization vulnerability
Moderate
CVE-2024-10975
was published
for
github.com/hashicorp/nomad
(Go)
Nov 7, 2024
PHPExcel XXE Vulnerability
High
CVE-2015-3542
was published
for
phpoffice/phpexcel
(Composer)
Nov 7, 2024
Devtron has SQL Injection in CreateUser API
High
CVE-2024-45794
was published
for
github.com/devtron-labs/devtron
(Go)
Nov 7, 2024
jj vulnerable to path traversal via crafted Git repositories
Critical
CVE-2024-51990
was published
for
jj-lib
(Rust)
Nov 7, 2024
Filament has exported files stored in default (`public`) filesystem if not reconfigured
Low
CVE-2024-51758
was published
for
filament/actions
(Composer)
Nov 7, 2024
Moodle vulnerable to cache poisoning via injection into storage
Moderate
CVE-2024-43428
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle vulnerable to site administration SQL injection via XMLDB editor
Moderate
CVE-2024-43436
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate
CVE-2024-43431
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle LFI vulnerability when restoring malformed block backups
Moderate
CVE-2024-43440
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle has CSRF risk in Feedback non-respondents report
High
CVE-2024-43434
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
ProTip!
Advisories are also available from the
GraphQL API