Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,709
NuGet
661
pip
3,348
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

117,795 advisories

Loading
Moodle allows users to retrieve information they did not have permission to access Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle IDOR when deleting OAuth2 linked accounts Moderate
CVE-2024-45690 was published for moodle/moodle (Composer) Nov 20, 2024
django Filer Unrestricted Upload of File with Dangerous Type Moderate
CVE-2024-11404 was published for django-filer (pip) Nov 20, 2024
django CMS Attributes Field Cross-site Scripting Moderate
CVE-2024-11406 was published for djangocms-attributes-field (pip) Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle IDOR when accessing list of course badges Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-10891 was published Nov 20, 2024
The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized... Moderate Unreviewed
CVE-2024-10665 was published Nov 20, 2024
Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an... Moderate Unreviewed
CVE-2024-11176 was published Nov 20, 2024
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu,... Moderate Unreviewed
CVE-2024-10365 was published Nov 20, 2024
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-10900 was published Nov 20, 2024
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in... Moderate Unreviewed
CVE-2024-11277 was published Nov 20, 2024
Exposure of sensitive system information to an unauthorized control sphere issue exists in... Moderate Unreviewed
CVE-2024-52033 was published Nov 20, 2024
Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware... Moderate Unreviewed
CVE-2024-47865 was published Nov 20, 2024
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1... Moderate Unreviewed
CVE-2024-10126 was published Nov 20, 2024
The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2024-9239 was published Nov 20, 2024
The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-8726 was published Nov 20, 2024
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable... Moderate Unreviewed
CVE-2024-9653 was published Nov 20, 2024
Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK"... Moderate Unreviewed
CVE-2024-52614 was published Nov 20, 2024
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2024-11278 was published Nov 20, 2024
In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure... Moderate Unreviewed
CVE-2018-9420 was published Nov 20, 2024
In writeInplace of Parcel.cpp, there is a possible information leak across processes, using... Moderate Unreviewed
CVE-2018-9421 was published Nov 20, 2024
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects... Moderate Unreviewed
CVE-2024-52392 was published Nov 20, 2024
Cross-Site Request Forgery (CSRF) vulnerability in Vivwebs Dynamic Widgets.This issue affects... Moderate Unreviewed
CVE-2024-51669 was published Nov 20, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2023-27609 was published Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database