GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
4,273 advisories
Filter by severity
ibexa/http-cache affected by Breach with Varnish VCL
Moderate
GHSA-fh7v-q458-7vmw
was published
for
ibexa/http-cache
(Composer)
Dec 2, 2024
ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL
Moderate
GHSA-mgfg-7533-7jf6
was published
for
ezsystems/ezplatform-http-cache
(Composer)
Dec 2, 2024
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Moderate
CVE-2024-53864
was published
for
ibexa/admin-ui
(Composer)
Dec 2, 2024
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
Moderate
CVE-2024-52806
was published
for
simplesamlphp/saml2
(Composer)
Dec 2, 2024
SimpleSAMLphp xml-common XXE vulnerability
High
CVE-2024-52596
was published
for
simplesamlphp/xml-common
(Composer)
Dec 2, 2024
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization
High
CVE-2024-36610
was published
for
symfony/var-dumper
(Composer)
Nov 29, 2024
•
withdrawn
Withdrawn Advisory: Symfony http-security has authentication bypass
Moderate
CVE-2024-36611
was published
for
symfony/security-http
(Composer)
Nov 29, 2024
•
withdrawn
SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
High
CVE-2024-53860
was published
for
spencer14420/sp-php-email-handler
(Composer)
Nov 27, 2024
TCPDF Local File Inclusion vulnerability
Moderate
CVE-2024-51058
was published
for
tecnickcom/tcpdf
(Composer)
Nov 26, 2024
Moodle IDOR when deleting OAuth2 linked accounts
Moderate
CVE-2024-45690
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access
Moderate
CVE-2024-45689
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison
Moderate
CVE-2024-45691
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Moodle IDOR when accessing list of course badges
Moderate
CVE-2024-48899
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Redaxo Core CMS Cross Site Scripting (XSS)
Moderate
CVE-2024-50803
was published
for
redaxo/source
(Composer)
Nov 19, 2024
Statamic CMS has a Path Traversal in Asset Upload
Moderate
CVE-2024-52600
was published
for
statamic/cms
(Composer)
Nov 19, 2024
XXE in PHPSpreadsheet's XLSX reader
High
CVE-2024-48917
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
XmlScanner bypass leads to XXE
High
CVE-2024-47873
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 18, 2024
moodle: Some users can delete audiences of other reports
Moderate
CVE-2024-48898
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Moodle leaks user names
Moderate
CVE-2024-48896
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR in edit/delete RSS feed
Moderate
CVE-2024-48897
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
moodle: IDOR when fetching report schedules
Moderate
CVE-2024-48901
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
High
CVE-2024-52526
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has an Authenticated OS Command Injection
Critical
CVE-2024-51092
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
High
CVE-2024-51497
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
High
CVE-2024-51496
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
ProTip!
Advisories are also available from the
GraphQL API