GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
191 advisories
Filter by severity
OpenStack Image Service (Glance) vulnerable to Improper Access Control
Moderate
CVE-2016-0757
was published
for
glance
(pip)
May 17, 2022
Django Access Restrictions Bypass
Moderate
CVE-2016-2048
was published
for
django
(pip)
May 17, 2022
OpenStack Identity Keystone Improper Access Control
Moderate
CVE-2016-4911
was published
for
keystone
(pip)
May 17, 2022
Symfony Incorrect Access Control
Moderate
CVE-2015-4050
was published
for
symfony/http-kernel
(Composer)
May 17, 2022
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
Moderate
CVE-2008-6603
was published
for
moin
(pip)
May 17, 2022
Apache Tomcat does not follow ServletSecurity annotations
Moderate
CVE-2011-1419
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
OpenStack Compute (Nova) Improper Access Control
Moderate
CVE-2015-2687
was published
for
nova
(pip)
May 17, 2022
Improper Access Control in Apache Tomcat
Moderate
CVE-2012-5885
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Improper Access Control in MySQL Connectors Java
Moderate
CVE-2015-2575
was published
for
mysql:mysql-connector-java
(Maven)
May 17, 2022
Improper Access Control in Apache WSS4J
Moderate
CVE-2015-0227
was published
for
org.apache.ws.security:wss4j
(Maven)
May 14, 2022
Mediawiki tarball is missing .htaccess files
Moderate
CVE-2018-13258
was published
for
mediawiki/core
(Composer)
May 14, 2022
Improper Access Control in Apache Tomcat
Moderate
CVE-2014-7810
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Puppet does not properly restrict access to node resources
Moderate
CVE-2011-0528
was published
for
puppet
(RubyGems)
May 14, 2022
Craft CMS Unauthorized View
Moderate
CVE-2017-8383
was published
for
craftcms/cms
(Composer)
May 13, 2022
Kubernetes arbitrary file overwrite
Moderate
CVE-2017-1002102
was published
for
k8s.io/kubernetes
(Go)
May 13, 2022
Gitea Arbitrary File Delete Vulnerability
Moderate
CVE-2019-1000002
was published
for
code.gitea.io/gitea
(Go)
May 13, 2022
Contao Information Disclosure via Access Control Flaws
Moderate
CVE-2018-20028
was published
for
contao/contao
(Composer)
May 13, 2022
Improper Access Control in Telerik Extensions
Moderate
CVE-2018-17060
was published
for
TelerikMvcExtensions
(NuGet)
May 13, 2022
Moodle does not properly restrict access to category and course data
Moderate
CVE-2011-4300
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle is vulnerable to unauthorized new accounts creation
Moderate
CVE-2010-1616
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not consider "don't send" attributes during hub registration
Moderate
CVE-2013-2081
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows remote authenticated users to reassign notes
Moderate
CVE-2013-1834
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not enforce the forceloginforprofiles setting
Moderate
CVE-2013-1830
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to extract archives to arbitrary directories
Moderate
CVE-2015-2267
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Unauthenticated Access
Moderate
CVE-2016-8642
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API