GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,126
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,540 advisories
Filter by severity
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
Moderate
CVE-2013-2059
was published
for
keystone
(pip)
May 17, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Sling
Moderate
CVE-2013-2254
was published
for
org.apache.sling:org.apache.sling.api
(Maven)
May 17, 2022
Django Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget
Moderate
CVE-2013-4249
was published
for
django
(pip)
May 17, 2022
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
Moderate
CVE-2013-4649
was published
for
DotNetNuke.Core
(NuGet)
May 17, 2022
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Low
CVE-2013-7074
was published
for
typo3/cms
(Composer)
May 17, 2022
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
Low
CVE-2013-7078
was published
for
typo3/cms-core
(Composer)
May 17, 2022
TYPO3 Flow Cross-site scripting (XSS) vulnerability
Moderate
CVE-2013-7082
was published
for
neos/flow
(Composer)
May 17, 2022
TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
Moderate
CVE-2013-7077
was published
for
typo3/cms-core
(Composer)
May 17, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage
High
CVE-2013-7130
was published
for
nova
(pip)
May 17, 2022
RPLY Predictable Tmpfile Names Allows Cache Spoofing
Low
CVE-2014-1604
was published
for
RPLY
(pip)
May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition
Low
CVE-2014-1624
was published
for
pyxdg
(pip)
May 17, 2022
Jenkins directory traversal vulnerability
Moderate
CVE-2014-2059
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-2067
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache POI
Moderate
CVE-2014-3529
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
SaltStack Salt Insecure Temporary File Creation
High
CVE-2014-3563
was published
for
salt
(pip)
May 17, 2022
Jenkins Path Traversal vulnerability
Moderate
CVE-2014-3664
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Improper Input Validation in Apache POI
Moderate
CVE-2014-3574
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-12791
was published
for
salt
(pip)
May 17, 2022
zend-diactoros Cross-site Scripting (XSS)
Moderate
CVE-2015-3257
was published
for
zendframework/zend-diactoros
(Composer)
May 17, 2022
Insecure cookie storage in Apache Atlas
Moderate
CVE-2017-3150
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Path Traversal in Apache Atlas
High
CVE-2016-8752
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Cross-site Scripting in Apache Atlas
Moderate
CVE-2017-3152
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Cross-site Scripting in Apache Atlas
Moderate
CVE-2017-3153
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
SimpleSAMLphp Unauthenticated encryption in CBC mode
Moderate
CVE-2017-12870
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 17, 2022
SimpleSAMLphp Incorrect IV generation for encryption
Moderate
CVE-2017-12871
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API