Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,237 advisories

Loading
Moodle IDOR when accessing list of course badges Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle Lesson activity password bypass through PHP loose comparison Moderate
CVE-2024-45691 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle IDOR when deleting OAuth2 linked accounts Moderate
CVE-2024-45690 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle allows users to retrieve information they did not have permission to access Moderate
CVE-2024-45689 was published for moodle/moodle (Composer) Nov 20, 2024
moodle: IDOR when fetching report schedules Moderate
CVE-2024-48901 was published for moodle/moodle (Composer) Nov 18, 2024
moodle: IDOR in edit/delete RSS feed Moderate
CVE-2024-48897 was published for moodle/moodle (Composer) Nov 18, 2024
Statamic CMS has a Path Traversal in Asset Upload Moderate
CVE-2024-52600 was published for statamic/cms (Composer) Nov 19, 2024
SamSchroderBSG
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2021-3991 was published for dolibarr/dolibarr (Composer) Nov 15, 2024
Redaxo Core CMS Cross Site Scripting (XSS) Moderate
CVE-2024-50803 was published for redaxo/source (Composer) Nov 19, 2024
CSRF leading to delete account in wallabag/wallabag Moderate
CVE-2023-0737 was published for wallabag/wallabag (Composer) Nov 15, 2024
Cross Site Scripting vulnerability in Snipe-IT High
CVE-2024-51093 was published for snipe/snipe-it (Composer) Nov 12, 2024
moodle: Some users can delete audiences of other reports Moderate
CVE-2024-48898 was published for moodle/moodle (Composer) Nov 18, 2024
Moodle leaks user names Moderate
CVE-2024-48896 was published for moodle/moodle (Composer) Nov 18, 2024
XXE in PHPSpreadsheet's XLSX reader High
CVE-2024-48917 was published for phpoffice/phpspreadsheet (Composer) Nov 18, 2024
antoniospataro Antonio-R1
Improper Restriction of XML External Entity Reference in dompdf/dompdf Critical
CVE-2021-3902 was published for dompdf/dompdf (Composer) Nov 15, 2024
Deserialization of Untrusted Data in dompdf/dompdf Critical
CVE-2021-3838 was published for dompdf/dompdf (Composer) Nov 15, 2024
FileManager Deserialization of Untrusted Data vulnerability High
CVE-2024-52306 was published for backpack/filemanager (Composer) Nov 13, 2024
catferq
XmlScanner bypass leads to XXE High
CVE-2024-47873 was published for phpoffice/phpspreadsheet (Composer) Nov 18, 2024
Antonio-R1 antoniospataro
Mautic has insufficient authentication in upgrade flow Moderate
CVE-2024-47051 was published for mautic/core (Composer) Sep 18, 2024
mollux escopecz
patrykgruszka
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped Moderate
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
Shopware vulnerable to blind SQL-injection in DAL aggregations Moderate
CVE-2024-42357 was published for shopware/core (Composer) Aug 8, 2024
ICEcoder vulnerable to Cross Site Scripting High
CVE-2024-41375 was published for icecoder/icecoder (Composer) Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting High
CVE-2024-41374 was published for icecoder/icecoder (Composer) Jul 26, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE) High
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
ProcessWire Cross Site Request Forgery vulnerability Low
CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024
ProTip! Advisories are also available from the GraphQL API