GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
222 advisories
Filter by severity
Moodle does not check for the moodle/course:viewhiddencourses capability
Moderate
CVE-2014-0217
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Information Disclosure
Moderate
CVE-2017-7531
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle sensitive information disclosure
Moderate
CVE-2015-5340
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle uses predictable password-recovery tokens
High
CVE-2015-5267
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive course-structure information
Moderate
CVE-2015-3180
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive personal-contact and unread-message-count information
Moderate
CVE-2015-2266
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers obtain full-name information
Moderate
CVE-2015-3176
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attacks to obtain sensitive information
Moderate
CVE-2014-7848
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive calendar-event information
Moderate
CVE-2015-0215
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive information
Moderate
CVE-2015-0211
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive information
Moderate
CVE-2014-7833
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle exposes hidden grades to students
Moderate
CVE-2014-7831
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows remote attackers to read arbitrary files
Moderate
CVE-2014-3542
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle sensitive information disclosure
Moderate
CVE-2016-5014
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle sensitive information disclosure
Moderate
CVE-2016-0724
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to discover hidden course names
Moderate
CVE-2016-2154
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to discover student e-mail addresses
Moderate
CVE-2016-2151
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle allows attackers to obtain sensitive category-detail information
Moderate
CVE-2016-2158
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle provides calendar-event data without considering whether an activity is hidden
Moderate
CVE-2016-2156
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle sensitive information disclosure
Moderate
CVE-2016-3732
was published
for
moodle/moodle
(Composer)
May 13, 2022
Sensitive Data Exposure in elFinder
Moderate
CVE-2019-5884
was published
for
studio-42/elfinder
(Composer)
May 13, 2022
TYPO3 Backend Discloses Encryption Key
Moderate
CVE-2009-3628
was published
for
typo3/cms-backend
(Composer)
May 2, 2022
Moodle included private user files in course backups
Moderate
CVE-2012-1159
was published
for
moodle/moodle
(Composer)
Apr 23, 2022
Typo3 Information Disclosure
Moderate
CVE-2011-4900
was published
for
typo3/cms
(Composer)
Apr 22, 2022
Typo3 Arbitrary Information Disclosure
Moderate
CVE-2011-4901
was published
for
typo3/cms
(Composer)
Apr 22, 2022
ProTip!
Advisories are also available from the
GraphQL API