GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,737
Maven: 5,000+
npm: 4,337
NuGet: 764
pip: 4,112
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
1,750 advisories
Moodle Unauthenticated Access
Moderate. CVE-2016-8642 was published for moodle/moodle (Composer) on May 13, 2022.

In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
Moderate, Unreviewed. CVE-2016-8643 was published on May 13, 2022.

Moodle allows attackers to extract archives to arbitrary directories
Moderate. CVE-2015-2267 was published for moodle/moodle (Composer) on May 13, 2022.

Moodle does not enforce the forceloginforprofiles setting
Moderate. CVE-2013-1830 was published for moodle/moodle (Composer) on May 13, 2022.

Moodle allows remote authenticated users to reassign notes
Moderate. CVE-2013-1834 was published for moodle/moodle (Composer) on May 13, 2022.

Moodle does not consider "don't send" attributes during hub registration
Moderate. CVE-2013-2081 was published for moodle/moodle (Composer) on May 13, 2022.

Moodle is vulnerable to unauthorized new accounts creation
Moderate. CVE-2010-1616 was published for moodle/moodle (Composer) on May 13, 2022.

Moodle does not properly restrict access to category and course data
Moderate. CVE-2011-4300 was published for moodle/moodle (Composer) on May 13, 2022.

Moodle does not use the forceloginforprofiles setting for course-profiles access control
Moderate. CVE-2011-4279 was published for moodle/moodle (Composer) on May 13, 2022.

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to...
Moderate, Unreviewed. CVE-2016-3020 was published on May 13, 2022.

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16...
Moderate, Unreviewed. CVE-2016-2167 was published on May 13, 2022.

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by...
Moderate, Unreviewed. CVE-2018-16838 was published on May 13, 2022.

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and...
Moderate, Unreviewed. CVE-2019-6538 was published on May 13, 2022.

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to...
Moderate, Unreviewed. CVE-2015-4902 was published on May 13, 2022.

Improper Access Control in Telerik Extensions
Moderate. CVE-2018-17060 was published for TelerikMvcExtensions (NuGet) on May 13, 2022.

Contao Information Disclosure via Access Control Flaws
Moderate. CVE-2018-20028 was published for contao/contao (Composer) on May 13, 2022.

Gitea Arbitrary File Delete Vulnerability
Moderate. CVE-2019-1000002 was published for code.gitea.io/gitea (Go) on May 13, 2022.

The admin pages for power types and key types in Beaker before 20.1 do not have any access...
Moderate, Unreviewed. CVE-2015-3163 was published on May 13, 2022.

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka...
Moderate, Unreviewed. CVE-2014-9422 was published on May 13, 2022.

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which...
Moderate, Unreviewed. CVE-2016-5404 was published on May 13, 2022.

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after...
Moderate, Unreviewed. CVE-2016-6198 was published on May 13, 2022.

Jenkins allows Bypass of Access Restrictions
Moderate. CVE-2015-5325 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 13, 2022.

Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote...
Moderate, Unreviewed. CVE-2018-8922 was published on May 13, 2022.

A vulnerability in the per-user-override feature of Cisco Adaptive Security Appliance (ASA)...
Moderate, Unreviewed. CVE-2018-15398 was published on May 13, 2022.

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and...
Moderate, Unreviewed. CVE-2018-10631 was published on May 13, 2022.