GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,177 advisories
Improper Access Control in Telerik Extensions
Moderate | CVE-2018-17060 was published for TelerikMvcExtensions (NuGet) May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101...
Critical | Unreviewed | CVE-2016-5582 was published May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to...
Critical | Unreviewed | CVE-2016-5568 was published May 13, 2022

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to...
Critical | Unreviewed | CVE-2016-5556 was published May 13, 2022

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec...
High | Unreviewed | CVE-2016-7032 was published May 13, 2022

Apache Tomcat Improper Access Control vulnerability
Critical | CVE-2016-8735 was published for org.apache.tomcat:tomcat-catalina (Maven) May 13, 2022

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by...
Moderate | Unreviewed | CVE-2018-16838 was published May 13, 2022

Improper Access Control in Elasticsearch
High | CVE-2019-7611 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16...
Moderate | Unreviewed | CVE-2016-2167 was published May 13, 2022

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary...
High | Unreviewed | CVE-2016-9956 was published May 13, 2022

IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to...
Moderate | Unreviewed | CVE-2016-3020 was published May 13, 2022

Moodle does not properly restrict access to category and course data
Moderate | CVE-2011-4300 was published for moodle/moodle (Composer) May 13, 2022

Moodle is vulnerable to unauthorized new accounts creation
Moderate | CVE-2010-1616 was published for moodle/moodle (Composer) May 13, 2022

Moodle does not consider "don't send" attributes during hub registration
Moderate | CVE-2013-2081 was published for moodle/moodle (Composer) May 13, 2022

Moodle allows remote authenticated users to reassign notes
Moderate | CVE-2013-1834 was published for moodle/moodle (Composer) May 13, 2022

Moodle does not enforce the forceloginforprofiles setting
Moderate | CVE-2013-1830 was published for moodle/moodle (Composer) May 13, 2022

Moodle allows attackers to extract archives to arbitrary directories
Moderate | CVE-2015-2267 was published for moodle/moodle (Composer) May 13, 2022

In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
Moderate | Unreviewed | CVE-2016-8643 was published May 13, 2022

Moodle Unauthenticated Access
Moderate | CVE-2016-8642 was published for moodle/moodle (Composer) May 13, 2022

Moodle Improper Access Control
Moderate | CVE-2016-3729 was published for moodle/moodle (Composer) May 13, 2022

Moodle Improper Access Control
Moderate | CVE-2016-3733 was published for moodle/moodle (Composer) May 13, 2022

Moodle External function mod_assign_save_submission does not check due dates
Moderate | CVE-2016-2159 was published for moodle/moodle (Composer) May 13, 2022

It was found that system umask policy is not being honored when creating XDG user directories,...
High | Unreviewed | CVE-2017-15131 was published May 13, 2022

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files...
High | Unreviewed | CVE-2015-3306 was published May 13, 2022

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not...
High | Unreviewed | CVE-2016-4979 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API