GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
59 advisories
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
Improper Privilege Management in com.xuxueli:xxl-job
High
CVE-2022-36157
was published
for
com.xuxueli:xxl-job
(Maven)
Aug 20, 2022
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
High
CVE-2022-43183
was published
for
com.xuxueli:xxl-job-core
(Maven)
Nov 17, 2022
n8n Information Disclosure vulnerability
High
CVE-2023-27564
was published
for
n8n
(npm)
May 10, 2023
RaspAP Command Injection vulnerability
High
CVE-2022-39987
was published
for
billz/raspap-webgui
(Composer)
Aug 1, 2023
Moodle Temporary Passwords are Brute Force-able
High
CVE-2014-7845
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle open redirect vulnerability
High
CVE-2015-3272
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Cross-site request forgery (CSRF) vulnerability
High
CVE-2016-3734
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle XML import of ddwtos could lead to intentional remote code execution
High
CVE-2018-14630
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle uses predictable password-recovery tokens
High
CVE-2015-5267
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Users could elevate their role when accessing the LTI tool on a provider site
High
CVE-2019-3849
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
High
CVE-2015-5338
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site request forgery (CSRF) vulnerability
High
CVE-2016-2157
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle all messaging conversations could be viewed
High
CVE-2019-10154
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle vulnerable to PHP object injection attacks
High
CVE-2014-3541
was published
for
moodle/moodle
(Composer)
May 13, 2022
Improper Access Control in moodle
High
CVE-2020-25698
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Deserialization of Untrusted Data in Apache OpenJPA
High
CVE-2013-1768
was published
for
org.apache.openjpa:openjpa
(Maven)
May 14, 2022
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
High
CVE-2018-1274
was published
for
org.springframework.data:spring-data-commons
(Maven)
Oct 17, 2018
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
High
CVE-2018-1308
was published
for
org.apache.solr:solr-core
(Maven)
Oct 17, 2018
Improper Input Validation in Apache Thrift
High
CVE-2018-1320
was published
for
org.apache.thrift:libthrift
(Maven)
Jan 17, 2019
High severity vulnerability that affects org.apache.syncope:syncope-core
High
CVE-2018-1321
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Issuer validation regression in Spring Cloud SSO Connector
High
CVE-2018-1256
was published
for
io.pivotal.spring.cloud:spring-cloud-sso-connector
(Maven)
May 13, 2022
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
High
CVE-2018-15758
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 19, 2018
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
High
CVE-2018-17186
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
ProTip!
Advisories are also available from the
GraphQL API