Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,904
Maven
5,000+
npm
5,000+
NuGet
967
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,374
Swift
54
Unreviewed advisories
All unreviewed
5,000+

31,043 advisories

Loading
Moodle has user information visibility control issues in gradebook reports Low
CVE-2024-43429 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle authorization headers preserved between "emulated redirects" Low
CVE-2024-43432 was published for moodle/moodle (Composer) Nov 11, 2024
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Git credentials are exposed in Atlantis logs High
CVE-2024-52009 was published for github.com/runatlantis/atlantis (Go) Nov 8, 2024
niooss-ledger Credited to niooss-ledger
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
soaringlion Credited to soaringlion
sp1 has insufficient observation of cumulative sum Low
GHSA-8m24-3cfx-9fjw was published for sp1-recursion-circuit (Rust) Nov 8, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data Low
CVE-2024-50378 was published for apache-airflow (pip) Nov 8, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn High
CVE-2024-21538 was published for cross-spawn (npm) Nov 8, 2024
rozeskjm Credited to rozeskjm and G-Rath G-Rath G-Rath
Froala WYSIWYG editor allows cross-site scripting (XSS) Moderate
CVE-2024-51434 was published for froala-editor (Composer) Nov 8, 2024
cdupuis Credited to cdupuis
changedetection.io path traversal using file URI scheme without supplying hostname High
CVE-2024-51998 was published for changedetection.io (pip) Nov 7, 2024
piprett Credited to piprett
HTTP Client uses incorrect token after refresh Moderate
CVE-2024-51987 was published for Duende.AccessTokenManagement.OpenIdConnect (NuGet) Nov 7, 2024
natelaff Credited to natelaff
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul Credited to DarkaMaul
Hashicorp Nomad Incorrect Authorization vulnerability Moderate
CVE-2024-10975 was published for github.com/hashicorp/nomad (Go) Nov 7, 2024
PHPExcel XXE Vulnerability High
CVE-2015-3542 was published for phpoffice/phpexcel (Composer) Nov 7, 2024
Devtron has SQL Injection in CreateUser API High
CVE-2024-45794 was published for github.com/devtron-labs/devtron (Go) Nov 7, 2024
leonnewton Credited to leonnewton
jj vulnerable to path traversal via crafted Git repositories Critical
CVE-2024-51990 was published for jj-lib (Rust) Nov 7, 2024
joernchen Credited to joernchen and yuja yuja yuja
Filament has exported files stored in default (`public`) filesystem if not reconfigured Low
CVE-2024-51758 was published for filament/actions (Composer) Nov 7, 2024
danharrin Credited to danharrin and catferq catferq catferq
Moodle vulnerable to cache poisoning via injection into storage Moderate
CVE-2024-43428 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges Moderate
CVE-2024-43431 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users Moderate
CVE-2024-43438 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle has CSRF risk in Feedback non-respondents report High
CVE-2024-43434 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle LFI vulnerability when restoring malformed block backups Moderate
CVE-2024-43440 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle vulnerable to site administration SQL injection via XMLDB editor Moderate
CVE-2024-43436 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle Remote Code Execution vulnerability High
CVE-2024-43425 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle has arbitrary file read risk through pdfTeX Moderate
CVE-2024-43426 was published for moodle/moodle (Composer) Nov 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database