GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
35 advisories
Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files
Moderate
CVE-2025-26795
was published
for
org.apache.iotdb:iotdb-jdbc
(Maven)
May 14, 2025
Moodle has an IDOR in messaging web service which allows access to some user details
Moderate
CVE-2025-3645
was published
for
moodle/moodle
(Composer)
Apr 25, 2025
Moodle has reflected Cross-site Scripting risk in policy tool
Moderate
CVE-2025-3643
was published
for
moodle/moodle
(Composer)
Apr 25, 2025
Rancher users who can create Projects can gain access to arbitrary projects
High
CVE-2024-22031
was published
for
github.com/rancher/rancher
(Go)
Apr 25, 2025
io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage
Moderate
CVE-2025-32952
was published
for
io.jmix.localfs:jmix-localfs
(Maven)
Apr 22, 2025
io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
Moderate
CVE-2025-32951
was published
for
io.jmix.rest:jmix-rest
(Maven)
Apr 22, 2025
io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage
Moderate
CVE-2025-32950
was published
for
io.jmix.localfs:jmix-localfs
(Maven)
Apr 22, 2025
Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion
Moderate
CVE-2024-52981
was published
for
org.elasticsearch:elasticsearch
(Maven)
Apr 8, 2025
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function
Moderate
CVE-2024-52980
was published
for
org.elasticsearch:elasticsearch
(Maven)
Apr 8, 2025
Apache Pinot Vulnerable to Authentication Bypass
Critical
CVE-2024-56325
was published
for
org.apache.pinot:pinot-broker
(Maven)
Apr 1, 2025
Security Update for the OPC UA .NET Standard Stack
Moderate
CVE-2024-42512
was published
for
OPCFoundation.NetStandard.Opc.Ua.Core
(NuGet)
Mar 3, 2025
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
High
CVE-2025-23389
was published
for
github.com/rancher/rancher
(Go)
Feb 27, 2025
Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API
High
CVE-2025-23388
was published
for
github.com/rancher/rancher
(Go)
Feb 27, 2025
Rancher's SAML-based login via CLI can be denied by unauthenticated users
Moderate
CVE-2025-23387
was published
for
github.com/rancher/rancher
(Go)
Feb 27, 2025
Moodle has a SQL injection risk in course search module list filter
High
CVE-2025-26533
was published
for
moodle/moodle
(Composer)
Feb 24, 2025
Improper Preservation of Permissions in xxl-job
High
CVE-2024-42681
was published
for
com.xuxueli:xxl-job-core
(Maven)
Aug 15, 2024
Moodle CSRF risk in analytics management of models
High
CVE-2024-34008
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Unsanitized HTML in site log for config_log_created
Moderate
CVE-2024-34006
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
High
CVE-2024-34005
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle CSRF risk in admin preset tool management of presets
High
CVE-2024-34001
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Cross-site Scripting (XSS)
Moderate
CVE-2024-34000
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle stored Cross-site Scripting (XSS)
Moderate
CVE-2024-33997
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Cross-site Scripting (XSS)
Moderate
CVE-2024-33998
was published
for
moodle/moodle
(Composer)
May 31, 2024
Xuxueli xxl-job template injection vulnerability
Low
CVE-2024-3366
was published
for
com.xuxueli:xxl-job-core
(Maven)
Apr 6, 2024
Elasticsearch Uncaught Exception leading to crash
Moderate
CVE-2024-23449
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 29, 2024
ProTip!
Advisories are also available from the
GraphQL API