GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

280 advisories

Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section Critical
CVE-2023-28473 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Stored cross site scripting on API integration Moderate
CVE-2023-28477 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names Low
CVE-2023-28819 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Reflected cross site scripting Moderate
CVE-2023-28475 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44761 was published for concrete5/concrete5 (Composer) Oct 6, 2023
MarkLee131
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44765 was published for concrete5/concrete5 (Composer) Oct 6, 2023
MarkLee131
Apache Camel's Mail is vulnerable to path traversal Moderate
CVE-2018-8041 was published for org.apache.camel:camel-mail (Maven) Oct 16, 2018
MarkLee131 sunSUNQ
Moodle does not enforce the forceloginforprofiles setting Moderate
CVE-2013-1830 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows remote attackers to read arbitrary files Moderate
CVE-2014-3542 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle reveals absolute path in exception message Moderate
CVE-2013-1831 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle includes the WebDAV password in the configuration form Moderate
CVE-2013-1832 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module Low
CVE-2013-1833 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows remote authenticated users to reassign notes Moderate
CVE-2013-1834 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not properly manage privileges for WebDAV repositories Moderate
CVE-2013-1836 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle's login_as feature leaks information from external repositories Low
CVE-2013-1835 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle is vulnerable to Sensitive Information Disclosure Moderate
CVE-2013-2080 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class Moderate
CVE-2013-2083 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not consider "don't send" attributes during hub registration Moderate
CVE-2013-2081 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not enforce capability requirements for reading blog comments Moderate
CVE-2013-2082 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows bypass of intended access restrictions Moderate
CVE-2014-0122 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not properly restrict access Moderate
CVE-2014-0123 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to obtain sensitive information Moderate
CVE-2014-0124 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle places a session key in a URL Moderate
CVE-2014-0125 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site request forgery (CSRF) vulnerability Moderate
CVE-2014-0126 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle's time-validation implementation allows bypassing intended restrictions Moderate
CVE-2014-0127 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131