GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
131 advisories
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
High
CVE-2019-12331
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
XXE in PHPSpreadsheet due to encoding issue
High
CVE-2018-19277
was published
for
phpoffice/phpspreadsheet
(Composer)
Nov 20, 2019
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
Moodle cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2013-7341
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Improper Access Control
Moderate
CVE-2016-3733
was published
for
moodle/moodle
(Composer)
May 13, 2022
Improper Access Control in moodle
High
CVE-2020-25698
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Moodle context freezing
Moderate
CVE-2019-3852
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows discovery of an author's username
Moderate
CVE-2014-3617
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-0218
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle vulnerable to PHP object injection attacks
High
CVE-2014-3541
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site request forgery (CSRF) vulnerability
Moderate
CVE-2015-0218
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle External function mod_assign_save_submission does not check due dates
Moderate
CVE-2016-2159
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle XSS from profile fields from external db
Moderate
CVE-2016-2152
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle all messaging conversations could be viewed
High
CVE-2019-10154
was published
for
moodle/moodle
(Composer)
May 24, 2022
Moodle allows attackers to discover hidden course names
Moderate
CVE-2016-2154
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive category-detail information
Moderate
CVE-2016-2158
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to modify "Exclude grade" settings
Moderate
CVE-2016-2155
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to discover student e-mail addresses
Moderate
CVE-2016-2151
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site request forgery (CSRF) vulnerability
High
CVE-2016-2157
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle provides calendar-event data without considering whether an activity is hidden
Moderate
CVE-2016-2156
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to bypass intended access restrictions
Moderate
CVE-2015-5342
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to read SCORM contents
Moderate
CVE-2015-5341
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle does not properly implement group-based access restrictions
Moderate
CVE-2015-5339
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
High
CVE-2015-5338
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Moderate
CVE-2015-5336
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API