Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,126
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,540 advisories

Loading
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user Moderate
CVE-2013-2059 was published for keystone (pip) May 17, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Sling Moderate
CVE-2013-2254 was published for org.apache.sling:org.apache.sling.api (Maven) May 17, 2022
Django Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget Moderate
CVE-2013-4249 was published for django (pip) May 17, 2022
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter Moderate
CVE-2013-4649 was published for DotNetNuke.Core (NuGet) May 17, 2022
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component Low
CVE-2013-7074 was published for typo3/cms (Composer) May 17, 2022
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework Low
CVE-2013-7078 was published for typo3/cms-core (Composer) May 17, 2022
TYPO3 Flow Cross-site scripting (XSS) vulnerability Moderate
CVE-2013-7082 was published for neos/flow (Composer) May 17, 2022
TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module Moderate
CVE-2013-7077 was published for typo3/cms-core (Composer) May 17, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage High
CVE-2013-7130 was published for nova (pip) May 17, 2022
RPLY Predictable Tmpfile Names Allows Cache Spoofing Low
CVE-2014-1604 was published for RPLY (pip) May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
Jenkins directory traversal vulnerability Moderate
CVE-2014-2059 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins cross-site scripting (XSS) vulnerability Moderate
CVE-2014-2067 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Improper Restriction of XML External Entity Reference in Apache POI Moderate
CVE-2014-3529 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
SaltStack Salt Insecure Temporary File Creation High
CVE-2014-3563 was published for salt (pip) May 17, 2022
Jenkins Path Traversal vulnerability Moderate
CVE-2014-3664 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Improper Input Validation in Apache POI Moderate
CVE-2014-3574 was published for org.apache.poi:poi (Maven) May 17, 2022
MarkLee131
SaltStack Salt Directory traversal vulnerability in minion id validation Critical
CVE-2017-12791 was published for salt (pip) May 17, 2022
zend-diactoros Cross-site Scripting (XSS) Moderate
CVE-2015-3257 was published for zendframework/zend-diactoros (Composer) May 17, 2022
Insecure cookie storage in Apache Atlas Moderate
CVE-2017-3150 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Path Traversal in Apache Atlas High
CVE-2016-8752 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Cross-site Scripting in Apache Atlas Moderate
CVE-2017-3152 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Cross-site Scripting in Apache Atlas Moderate
CVE-2017-3153 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
SimpleSAMLphp Unauthenticated encryption in CBC mode Moderate
CVE-2017-12870 was published for simplesamlphp/simplesamlphp (Composer) May 17, 2022
SimpleSAMLphp Incorrect IV generation for encryption Moderate
CVE-2017-12871 was published for simplesamlphp/simplesamlphp (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API