GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24,600 advisories

Moodle Improper Input Validation vulnerability Moderate
CVE-2021-36402 was published for moodle/moodle (Composer) Mar 7, 2023
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability Low
CVE-2022-4134 was published for glance (pip) Mar 7, 2023
Insufficient Session Expiration in pretix High
CVE-2023-27891 was published for pretix (pip) Mar 7, 2023
Moodle vulnerable to Uncontrolled Resource Consumption High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023
Moodle Session Fixation vulnerability Critical
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Moodle SQL Injection vulnerability Critical
CVE-2021-36392 was published for moodle/moodle (Composer) Mar 6, 2023
Remote code execution in Funadmin Critical
CVE-2023-24776 was published for funadmin/funadmin (Composer) Mar 6, 2023
Moodle SQL Injection vulnerability Critical
CVE-2021-36393 was published for moodle/moodle (Composer) Mar 6, 2023
Moodle vulnerable to Server-Side Request Forgery High
CVE-2021-36396 was published for moodle/moodle (Composer) Mar 6, 2023
uvdesk/community-skeleton vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1197 was published for uvdesk/community-skeleton (Composer) Mar 6, 2023
jeecg-boot contains SQL Injection vulnerability High
CVE-2023-24789 was published for org.jeecgframework.boot:jeecg-boot-parent (Maven) Mar 6, 2023
dot-lens vulnerable to Prototype Pollution High
CVE-2023-26106 was published for dot-lens (npm) Mar 6, 2023
node-static and @nubosoftware/node-static vulnerable to Directory Traversal High
CVE-2023-26111 was published for @nubosoftware/node-static (npm) Mar 6, 2023
Credited to lirantal
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe Moderate
CVE-2023-26108 was published for @nestjs/core (npm) Mar 6, 2023
SketchSVG Arbitrary Code Injection vulnerability High
CVE-2023-26107 was published for sketchsvg (npm) Mar 6, 2023
Open redirect in web2py Moderate
CVE-2023-22432 was published for web2py (pip) Mar 6, 2023
json-logic-js Command Injection vulnerability Critical
CVE-2021-4329 was published for json-logic-js (npm) Mar 5, 2023
Wallabag Improper Authorization vulnerability Moderate
CVE-2023-0734 was published for wallabag/wallabag (Composer) Mar 5, 2023
Directus vulnerable to Server-Side Request Forgery On File Import Moderate
CVE-2023-26492 was published for directus (npm) Mar 3, 2023
Credited to Ccamm and votr123
Yapscan Denial of Service vulnerability in report server High
GHSA-wxwq-525w-hcqx was published for github.com/fkie-cad/yapscan (Go) Mar 3, 2023
xwiki contains Incorrect Authorization Moderate
CVE-2023-26056 was published for org.xwiki.platform:xwiki-platform-rendering-macro-context (Maven) Mar 3, 2023
XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data High
CVE-2023-26480 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Mar 3, 2023
xwiki vulnerable to Improper Handling of Exceptional Conditions Moderate
CVE-2023-26479 was published for org.xwiki.platform:xwiki-platform-rendering-parser (Maven) Mar 3, 2023
xwiki contains Exposed Dangerous Method or Function Moderate
CVE-2023-26478 was published for org.xwiki.platform:xwiki-platform-store-filesystem-oldcore (Maven) Mar 3, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-26477 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Mar 3, 2023
ProTip! Advisories are also available from the GraphQL API