GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
4,723 advisories
Moodle has reflected Cross-site Scripting risk in policy tool
Moderate
CVE-2025-3643
was published
for
moodle/moodle
(Composer)
Apr 25, 2025
Moodle has an IDOR in messaging web service which allows access to some user details
Moderate
CVE-2025-3645
was published
for
moodle/moodle
(Composer)
Apr 25, 2025
Moodle has a SQL injection risk in course search module list filter
High
CVE-2025-26533
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2013-4522
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle Incorrect Authorization vulnerability
High
CVE-2020-14321
was published
for
moodle/moodle
(Composer)
Aug 17, 2022
The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
High
CVE-2025-27773
was published
for
simplesamlphp/saml2
(Composer)
Mar 11, 2025
Shopware 6 allows attackers to check for registered accounts through the store-api
Moderate
CVE-2025-30150
was published
for
shopware/core
(Composer)
Apr 8, 2025
Kirby vulnerable to path traversal of snippet names in the `snippet()` helper
Moderate
CVE-2025-30159
was published
for
getkirby/kirby
(Composer)
May 13, 2025
MantisBT vulnerable to information disclosure with user profiles
Moderate
CVE-2024-45792
was published
for
mantisbt/mantisbt
(Composer)
Sep 30, 2024
Sulu vulnerable to XXE in SVG File upload Inspector
Moderate
CVE-2025-47778
was published
for
sulu/sulu
(Composer)
May 15, 2025
Cross-site scripting in ThinkAdmin
Moderate
CVE-2020-29315
was published
for
zoujingli/thinkadmin
(Composer)
May 6, 2021
ThinkAdmin insecure unserialize vulnerability
Critical
CVE-2020-23653
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Moodle stored Cross-site Scripting (XSS)
Moderate
CVE-2024-33997
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Unsanitized HTML in site log for config_log_created
Moderate
CVE-2024-34006
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle CSRF risk in admin preset tool management of presets
High
CVE-2024-34001
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Cross-site Scripting (XSS)
Moderate
CVE-2024-33998
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle CSRF risk in analytics management of models
High
CVE-2024-34008
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Cross-site Scripting (XSS)
Moderate
CVE-2024-34000
was published
for
moodle/moodle
(Composer)
May 31, 2024
ProTip!
Advisories are also available from the
GraphQL API