Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated Moderate
CVE-2023-30541 was published for @openzeppelin/contracts (npm) Apr 17, 2023
MarkLee131
Credited to MarkLee131
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin Moderate
CVE-2023-25727 was published for phpmyadmin/phpmyadmin (Composer) Feb 13, 2023
MarkLee131
Credited to MarkLee131
Apache Kafka Connect vulnerable to Deserialization of Untrusted Data High
CVE-2023-25194 was published for org.apache.kafka:connect (Maven) Feb 7, 2023
MarkLee131
Credited to MarkLee131
Django contains Uncontrolled Resource Consumption via cached header High
CVE-2023-23969 was published for django (pip) Feb 1, 2023
MarkLee131
Credited to MarkLee131
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz) Moderate
CVE-2022-47407 was published for fixpunkt/fp-masterquiz (Composer) Dec 14, 2022
MarkLee131
Credited to MarkLee131
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF) High
CVE-2022-43183 was published for com.xuxueli:xxl-job-core (Maven) Nov 17, 2022
MarkLee131 achibear
Credited to MarkLee131 and achibear
Improper Privilege Management in com.xuxueli:xxl-job High
CVE-2022-36157 was published for com.xuxueli:xxl-job (Maven) Aug 20, 2022
MarkLee131
Credited to MarkLee131
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2020-15883 was published for munkireport/managedinstalls (Composer) May 24, 2022
MarkLee131
Credited to MarkLee131
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment Moderate
CVE-2020-15885 was published for munkireport/comment (Composer) May 24, 2022
MarkLee131
Credited to MarkLee131
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Credited to MarkLee131
Moodle all messaging conversations could be viewed High
CVE-2019-10154 was published for moodle/moodle (Composer) May 24, 2022
MarkLee131
Credited to MarkLee131
Moodle Open Redirect Vulnerability Moderate
CVE-2019-10133 was published for moodle/moodle (Composer) May 24, 2022
MarkLee131
Credited to MarkLee131
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability Critical
CVE-2014-4172 was published for DotNetCasClient (Composer) May 17, 2022
MarkLee131
Credited to MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient Moderate
CVE-2011-1498 was published for org.apache.httpcomponents:httpclient (Maven) May 17, 2022
MarkLee131
Credited to MarkLee131
XML Entity Expansion (XEE) in Django Moderate
CVE-2013-1664 was published for Django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
XML External Entity (XXE) in Django Moderate
CVE-2013-1665 was published for Django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
Improper Neutralization of Input During Web Page Generation in JavaMelody Moderate
CVE-2013-4378 was published for net.bull.javamelody:javamelody-core (Maven) May 17, 2022
MarkLee131
Credited to MarkLee131
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 High
CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) May 17, 2022
westonsteimel MarkLee131
Credited to westonsteimel and MarkLee131
XML Injection in Apache Solr Moderate
CVE-2013-6408 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
Credited to MarkLee131
Apache Solr UpdateRequestHandler for XML resolves XML External Entities Moderate
CVE-2013-6407 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
Credited to MarkLee131
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr Moderate
CVE-2013-6397 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
Credited to MarkLee131
Missing Cryptographic Step in OWASP Enterprise Security API for Java Low
CVE-2013-5679 was published for org.owasp.esapi:esapi (Maven) May 17, 2022
MarkLee131
Credited to MarkLee131
Cross-site Scripting in Apache ActiveMQ Moderate
CVE-2012-6092 was published for org.apache.activemq:activemq-core (Maven) May 17, 2022
MarkLee131
Credited to MarkLee131
Django Access Restrictions Bypass High
CVE-2016-2048 was published for django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
MarkLee131
Credited to MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database