GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
175 advisories
Filter by severity
Typo3 Backend API XSS Vulnerability
Low
CVE-2012-6147
was published
for
typo3/cms
(Composer)
May 17, 2022
Typo3 Backend History Module Vulnerable to XSS
Low
CVE-2012-6145
was published
for
typo3/cms
(Composer)
May 17, 2022
Typo3 Function Menu API XSS Vulnerability
Low
CVE-2012-6148
was published
for
typo3/cms
(Composer)
May 17, 2022
Typo3 Backend XSS Vulnerability
Low
CVE-2012-3528
was published
for
typo3/cms
(Composer)
May 17, 2022
Typo3 Backend Configuration XSS Vulnerability
Low
CVE-2012-3529
was published
for
typo3/cms
(Composer)
May 17, 2022
phpMyAdmin Multiple XSS Vulnerabilities
Low
CVE-2011-3592
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save
Low
CVE-2011-3591
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
Low
CVE-2013-1833
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle's login_as feature leaks information from external repositories
Low
CVE-2013-1835
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-2571
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-3544
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Low
CVE-2014-3551
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-7830
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to upload files containing JavaScript
Low
CVE-2014-7835
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2015-0212
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not set the RISK_XSS bit for graders
Low
CVE-2015-0216
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2015-2273
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not set the RISK_XSS bit for graders
Low
CVE-2015-3174
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2015-3178
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to bypass intended login restrictions
Low
CVE-2015-3179
was published
for
moodle/moodle
(Composer)
May 13, 2022
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Low
CVE-2024-24754
was published
for
bref/bref
(Composer)
Feb 1, 2024
SilverStripe Priviledge escalation through cache pollution
Low
CVE-2019-12617
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Prevent cache poisoning via a Response Content-Type header in Symfony
Low
CVE-2020-5255
was published
for
symfony/http-foundation
(Composer)
Mar 30, 2020
ProTip!
Advisories are also available from the
GraphQL API