Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,704 advisories

Loading
Moodle admin presets export tool includes some secrets that should not be exported Low
CVE-2024-43427 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has user information visibility control issues in gradebook reports Low
CVE-2024-43429 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has insufficient access control Low
CVE-2024-43430 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle authorization headers preserved between "emulated redirects" Low
CVE-2024-43432 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle's user/power level management inconsistent with suspended users Low
CVE-2024-43433 was published for moodle/moodle (Composer) Nov 11, 2024
Moodle has insufficient capability checks Low
CVE-2024-43435 was published for moodle/moodle (Composer) Nov 11, 2024
wasm3 uncontrolled memory allocation vulnerability Moderate
CVE-2024-27529 was published for github.com/shareup/wasm-interpreter-apple (pip) Nov 9, 2024
Git credentials are exposed in Atlantis logs High
CVE-2024-52009 was published for github.com/runatlantis/atlantis (Go) Nov 8, 2024
niooss-ledger
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` High
CVE-2024-52007 was published for ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may (Maven) Nov 8, 2024
allonsyintensely
sp1 has insufficient observation of cumulative sum Low
GHSA-8m24-3cfx-9fjw was published for sp1-recursion-circuit (Rust) Nov 8, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data Low
CVE-2024-50378 was published for apache-airflow (pip) Nov 8, 2024
Regular Expression Denial of Service (ReDoS) in cross-spawn High
CVE-2024-21538 was published for cross-spawn (npm) Nov 8, 2024
rozeskjm G-Rath
changedetection.io path traversal using file URI scheme without supplying hostname High
CVE-2024-51998 was published for changedetection.io (pip) Nov 7, 2024
Erb3
HTTP Client uses incorrect token after refresh Moderate
CVE-2024-51987 was published for Duende.AccessTokenManagement.OpenIdConnect (NuGet) Nov 7, 2024
natelaff
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream High
CVE-2024-47072 was published for com.thoughtworks.xstream:xstream (Maven) Nov 7, 2024
DarkaMaul
Hashicorp Nomad Incorrect Authorization vulnerability Moderate
CVE-2024-10975 was published for github.com/hashicorp/nomad (Go) Nov 7, 2024
PHPExcel XXE Vulnerability High
CVE-2015-3542 was published for phpoffice/phpexcel (Composer) Nov 7, 2024
Devtron has SQL Injection in CreateUser API High
CVE-2024-45794 was published for github.com/devtron-labs/devtron (Go) Nov 7, 2024
leonnewton
jj vulnerable to path traversal via crafted Git repositories Critical
CVE-2024-51990 was published for jj-lib (Rust) Nov 7, 2024
joernchen yuja
Filament has exported files stored in default (`public`) filesystem if not reconfigured Low
CVE-2024-51758 was published for filament/actions (Composer) Nov 7, 2024
danharrin catferq
Moodle vulnerable to cache poisoning via injection into storage Moderate
CVE-2024-43428 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle vulnerable to site administration SQL injection via XMLDB editor Moderate
CVE-2024-43436 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges Moderate
CVE-2024-43431 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle LFI vulnerability when restoring malformed block backups Moderate
CVE-2024-43440 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle has CSRF risk in Feedback non-respondents report High
CVE-2024-43434 was published for moodle/moodle (Composer) Nov 7, 2024
ProTip! Advisories are also available from the GraphQL API