GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,964 advisories

Cross-Site Request Forgery in moodle High
CVE-2024-25982 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Handling of Parameters in moodle Moderate
CVE-2024-25979 was published for moodle/moodle (Composer) Feb 19, 2024
Authorization Bypass in moodle Moderate
CVE-2024-25983 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Access Control in moodle Moderate
CVE-2024-25980 was published for moodle/moodle (Composer) Feb 19, 2024
Improper Access Control in moodle Moderate
CVE-2024-25981 was published for moodle/moodle (Composer) Feb 19, 2024
Uncontrolled Resource Consumption in moodle High
CVE-2024-25978 was published for moodle/moodle (Composer) Feb 19, 2024
Duplicate Advisory: SQL injection in pgjdbc Critical
GHSA-xfg6-62px-cxc2 was published for org.postgresql:postgresql (Maven) Feb 19, 2024 withdrawn
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Moderate
CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
Credited to oscerd and astashys
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Moderate
CVE-2024-25710 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
Credited to oscerd and anonymous-nlp-student
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
Code injection in REDAXO High
CVE-2024-25298 was published for redaxo/source (Composer) Feb 17, 2024
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security Moderate
CVE-2024-21499 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security Moderate
CVE-2024-21500 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Server-Side Request Forgery in github.com/greenpau/caddy-security Moderate
CVE-2024-21498 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Open Redirect in github.com/greenpau/caddy-security Moderate
CVE-2024-21497 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Cross-site Scripting in github.com/greenpau/caddy-security Moderate
CVE-2024-21496 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Use of Insufficiently Random Values in github.com/greenpau/caddy-security Moderate
CVE-2024-21495 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Improper Validation of Array Index in github.com/greenpau/caddy-security Moderate
CVE-2024-21493 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security Moderate
CVE-2024-21494 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Insufficient Session Expiration in github.com/greenpau/caddy-security Moderate
CVE-2024-21492 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project Low
CVE-2024-20925 was published for org.openjfx:javafx-media (Maven) Feb 17, 2024
Credited to westonsteimel
tuf's Metadata API: Targets.get_delegated_role() is missing input validation Low
GHSA-77hh-43cm-v8j6 was published for tuf (pip) Feb 16, 2024
Hazelcast Platform permission checking in CSV File Source connector High
CVE-2023-45860 was published for com.hazelcast:hazelcast (Maven) Feb 16, 2024
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219` High
GHSA-w4hv-vmv9-hgcr was published for @scrypted/core (npm) Feb 16, 2024
Credited to Kwstubbs
Scrapy decompression bomb vulnerability High
CVE-2024-3572 was published for scrapy (pip) Feb 16, 2024
Credited to dmandefy