GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
59 advisories
Moodle open redirect vulnerability
High
CVE-2015-3272
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Temporary Passwords are Brute Force-able
High
CVE-2014-7845
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle vulnerable to PHP object injection attacks
High
CVE-2014-3541
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Cross-site request forgery (CSRF) vulnerability
High
CVE-2016-3734
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site request forgery (CSRF) vulnerability
High
CVE-2016-2157
was published
for
moodle/moodle
(Composer)
May 13, 2022
Issuer validation regression in Spring Cloud SSO Connector
High
CVE-2018-1256
was published
for
io.pivotal.spring.cloud:spring-cloud-sso-connector
(Maven)
May 13, 2022
Missing XML Validation in Apache Xerces2
High
CVE-2013-4002
was published
for
xerces:xercesImpl
(Maven)
May 13, 2022
Django cross-site request forgery (CSRF) vulnerability
High
CVE-2008-3909
was published
for
django
(pip)
May 2, 2022
Improper Access Control in moodle
High
CVE-2020-25698
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
XXE in PHPSpreadsheet due to encoding issue
High
CVE-2018-19277
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
Django Denial-of-service by filling session store
High
CVE-2015-5143
was published
for
Django
(pip)
Jul 5, 2019
Improper Input Validation in Apache Thrift
High
CVE-2018-1320
was published
for
org.apache.thrift:libthrift
(Maven)
Jan 17, 2019
Commons FileUpload Denial of service vulnerability
High
CVE-2014-0050
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Path Traversal in Hadoop
High
CVE-2018-8009
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Cleartext Transmission of Sensitive Information in Apache nifi
High
CVE-2018-17195
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Apache NiFi Improper Input Validation vulnerability
High
CVE-2018-17194
was published
for
org.apache.nifi:nifi-framework-cluster
(Maven)
Dec 20, 2018
Spring Security vulnerable to Authorization Bypass
High
CVE-2018-15801
was published
for
org.springframework.security:spring-security-core
(Maven)
Dec 20, 2018
Improper Certificate Validation in proton-j
High
CVE-2018-17187
was published
for
org.apache.qpid:proton-j
(Maven)
Nov 21, 2018
High severity vulnerability that affects org.apache.syncope:syncope-core
High
CVE-2018-1321
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
High
CVE-2018-17186
was published
for
org.apache.syncope:syncope-core
(Maven)
Nov 6, 2018
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
High
CVE-2018-15758
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 19, 2018
Race condition in org.apache.hbase:hbase-thrift
High
CVE-2018-8025
was published
for
org.apache.hbase:hbase-thrift
(Maven)
Oct 18, 2018
ProTip!
Advisories are also available from the
GraphQL API