Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

4,190 advisories

Loading
PHPExcel XXE Vulnerability High
CVE-2015-3542 was published for phpoffice/phpexcel (Composer) Nov 7, 2024
Filament has exported files stored in default (`public`) filesystem if not reconfigured Low
CVE-2024-51758 was published for filament/actions (Composer) Nov 7, 2024
danharrin catferq
Moodle has CSRF risk in Feedback non-respondents report High
CVE-2024-43434 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle has arbitrary file read risk through pdfTeX Moderate
CVE-2024-43426 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges Moderate
CVE-2024-43431 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle vulnerable to site administration SQL injection via XMLDB editor Moderate
CVE-2024-43436 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle Remote Code Execution vulnerability High
CVE-2024-43425 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle vulnerable to cache poisoning via injection into storage Moderate
CVE-2024-43428 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle LFI vulnerability when restoring malformed block backups Moderate
CVE-2024-43440 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users Moderate
CVE-2024-43438 was published for moodle/moodle (Composer) Nov 7, 2024
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled Low
CVE-2024-51755 was published for twig/twig (Composer) Nov 6, 2024
maantje nicolas-grekas
G-Rath
Twig has unguarded calls to `__toString()` when nesting an object into an array Low
CVE-2024-51754 was published for twig/twig (Composer) Nov 6, 2024
maantje fabpot
UnoPim Cross-site Scripting vulnerability Moderate
CVE-2024-50637 was published for unopim/unopim (Composer) Nov 6, 2024
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas
Symfony vulnerable to open redirect via browser-sanitized URLs Low
CVE-2024-50345 was published for symfony/http-foundation (Composer) Nov 6, 2024
nicolas-grekas
Symfony has an incorrect response from Validator when input ends with `\n` Low
CVE-2024-50343 was published for symfony/symfony (Composer) Nov 6, 2024
alexandre-daubois
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient Low
CVE-2024-50342 was published for symfony/http-client (Composer) Nov 6, 2024
nicolas-grekas zozs
Symfony's `Security::login` does not take into account custom `user_checker` Low
CVE-2024-50341 was published for symfony/security-bundle (Composer) Nov 6, 2024
94noni xabbuh
Symfony allows changing the environment through a query Moderate
CVE-2024-50340 was published for symfony/runtime (Composer) Nov 6, 2024
wouterj
Laravel Reverb Missing API Signature Verification High
CVE-2024-50347 was published for laravel/reverb (Composer) Oct 31, 2024
RobertBoes
YesWiki Uses a Broken or Risky Cryptographic Algorithm High
CVE-2024-51478 was published for yeswiki/yeswiki (Composer) Oct 31, 2024
Nishacid
ThinkPHP deserialization vulnerability High
CVE-2024-48112 was published for topthink/thinkphp (Composer) Oct 30, 2024
Funadmin Cross-site Scripting vulnerability Low
CVE-2024-48228 was published for funadmin/funadmin (Composer) Oct 26, 2024
SQL injection in funadmin High
CVE-2024-48230 was published for funadmin/funadmin (Composer) Oct 25, 2024
SQL injection in funadmin High
CVE-2024-48229 was published for funadmin/funadmin (Composer) Oct 25, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database