GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
171 advisories
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
Moderate
CVE-2020-15885
was published
for
munkireport/comment
(Composer)
May 24, 2022
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2020-15883
was published
for
munkireport/managedinstalls
(Composer)
May 24, 2022
NASA Open MCT Cross Site Scripting vulnerability
Moderate
CVE-2023-45885
was published
for
openmct
(npm)
Nov 9, 2023
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Moderate
CVE-2023-45884
was published
for
openmct
(npm)
Nov 9, 2023
Mattermost vulnerable to excessive memory consumption
Moderate
CVE-2023-5969
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Moderate
CVE-2023-30541
was published
for
@openzeppelin/contracts
(npm)
Apr 17, 2023
Mattermost password hash disclosure vulnerability
Moderate
CVE-2023-5968
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Moderate
CVE-2023-34234
was published
for
@openzeppelin/contracts
(npm)
Jun 8, 2023
n8n Directory Traversal vulnerability
Moderate
CVE-2023-27562
was published
for
n8n
(npm)
May 10, 2023
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
Moderate
CVE-2023-25727
was published
for
phpmyadmin/phpmyadmin
(Composer)
Feb 13, 2023
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
Moderate
CVE-2022-47407
was published
for
fixpunkt/fp-masterquiz
(Composer)
Dec 14, 2022
Cross-site Scripting in OpenCRX
Moderate
CVE-2023-40813
was published
for
org.opencrx:opencrx-core-models
(Maven)
Nov 18, 2023
Concrete CMS missing secure cookie parameters
Moderate
CVE-2023-28472
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Stored cross site scripting on API integration
Moderate
CVE-2023-28477
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Reflected cross site scripting
Moderate
CVE-2023-28475
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
ConcreteCMS Cross-site Scripting vulnerability
Moderate
CVE-2023-44761
was published
for
concrete5/concrete5
(Composer)
Oct 6, 2023
ConcreteCMS Cross-site Scripting vulnerability
Moderate
CVE-2023-44765
was published
for
concrete5/concrete5
(Composer)
Oct 6, 2023
Apache Camel's Mail is vulnerable to path traversal
Moderate
CVE-2018-8041
was published
for
org.apache.camel:camel-mail
(Maven)
Oct 16, 2018
Moodle does not enforce the forceloginforprofiles setting
Moderate
CVE-2013-1830
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows remote attackers to read arbitrary files
Moderate
CVE-2014-3542
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle reveals absolute path in exception message
Moderate
CVE-2013-1831
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle includes the WebDAV password in the configuration form
Moderate
CVE-2013-1832
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows remote authenticated users to reassign notes
Moderate
CVE-2013-1834
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly manage privileges for WebDAV repositories
Moderate
CVE-2013-1836
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle is vulnerable to Sensitive Information Disclosure
Moderate
CVE-2013-2080
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API