Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

191 advisories

Loading
OpenStack Image Service (Glance) vulnerable to Improper Access Control Moderate
CVE-2016-0757 was published for glance (pip) May 17, 2022
Django Access Restrictions Bypass Moderate
CVE-2016-2048 was published for django (pip) May 17, 2022
MarkLee131
OpenStack Identity Keystone Improper Access Control Moderate
CVE-2016-4911 was published for keystone (pip) May 17, 2022
Symfony Incorrect Access Control Moderate
CVE-2015-4050 was published for symfony/http-kernel (Composer) May 17, 2022
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement Moderate
CVE-2008-6603 was published for moin (pip) May 17, 2022
Apache Tomcat does not follow ServletSecurity annotations Moderate
CVE-2011-1419 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
OpenStack Compute (Nova) Improper Access Control Moderate
CVE-2015-2687 was published for nova (pip) May 17, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2012-5885 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Access Control in MySQL Connectors Java Moderate
CVE-2015-2575 was published for mysql:mysql-connector-java (Maven) May 17, 2022
Improper Access Control in Apache WSS4J Moderate
CVE-2015-0227 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
Mediawiki tarball is missing .htaccess files Moderate
CVE-2018-13258 was published for mediawiki/core (Composer) May 14, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2014-7810 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Puppet does not properly restrict access to node resources Moderate
CVE-2011-0528 was published for puppet (RubyGems) May 14, 2022
Craft CMS Unauthorized View Moderate
CVE-2017-8383 was published for craftcms/cms (Composer) May 13, 2022
Kubernetes arbitrary file overwrite Moderate
CVE-2017-1002102 was published for k8s.io/kubernetes (Go) May 13, 2022
marquiz
Gitea Arbitrary File Delete Vulnerability Moderate
CVE-2019-1000002 was published for code.gitea.io/gitea (Go) May 13, 2022
Contao Information Disclosure via Access Control Flaws Moderate
CVE-2018-20028 was published for contao/contao (Composer) May 13, 2022
Improper Access Control in Telerik Extensions Moderate
CVE-2018-17060 was published for TelerikMvcExtensions (NuGet) May 13, 2022
Moodle does not properly restrict access to category and course data Moderate
CVE-2011-4300 was published for moodle/moodle (Composer) May 13, 2022
Moodle is vulnerable to unauthorized new accounts creation Moderate
CVE-2010-1616 was published for moodle/moodle (Composer) May 13, 2022
Moodle does not consider "don't send" attributes during hub registration Moderate
CVE-2013-2081 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows remote authenticated users to reassign notes Moderate
CVE-2013-1834 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not enforce the forceloginforprofiles setting Moderate
CVE-2013-1830 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to extract archives to arbitrary directories Moderate
CVE-2015-2267 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Unauthenticated Access Moderate
CVE-2016-8642 was published for moodle/moodle (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database