GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,536 advisories

NodeBB Cross-site Scripting Vulnerability in Markdown Processing Moderate
CVE-2015-3296 was published for nodebb (npm) May 17, 2022
Moodle sensitive information disclosure Moderate
CVE-2017-12157 was published for moodle/moodle (Composer) May 17, 2022
CodeIgniter and Kohana vulnerable to PHP Object Injection Critical
CVE-2014-8684 was published for codeigniter/framework (Composer) May 17, 2022
GeniXCMS Cross-site Scripting (XSS) via id parameter Moderate
CVE-2017-14762 was published for genix/cms (Composer) May 17, 2022
Deserialization of Untrusted Data in Apache Brooklyn High
CVE-2016-8744 was published for org.apache.brooklyn:brooklyn (Maven) May 17, 2022
Improper Neutralization of Input During Web Page Generation in IPython Moderate
CVE-2015-4706 was published for ipython (pip) May 17, 2022
GeniXCMS arbitrary PHP code execution High
CVE-2017-14764 was published for genix/cms (Composer) May 17, 2022
GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter Moderate
CVE-2017-14761 was published for genix/cms (Composer) May 17, 2022
GeniXCMS Cross-site Scripting (XSS) via the Menu ID field Moderate
CVE-2017-14765 was published for genix/cms (Composer) May 17, 2022
Django denial of service via empty session record creation Moderate
CVE-2015-5963 was published for django (pip) May 17, 2022
Plone Cross-site Scripting Vulnerability Moderate
CVE-2015-7316 was published for plone (pip) May 17, 2022
Plone unauthorized member addition vulnerability Moderate
CVE-2015-7315 was published for Products.CMFPlone (pip) May 17, 2022
Plone Header Injection High
CVE-2015-7318 was published for plone (pip) May 17, 2022
IPython vulnerable to cross site request forgery (CSRF) High
CVE-2015-5607 was published for ipython (pip) May 17, 2022
eGroupware Community Edition Stored XSS vulnerability Moderate
CVE-2017-14920 was published for egroupware/egroupware (Composer) May 17, 2022
Plone vulnerable to cross-site request forgery High
CVE-2015-7293 was published for Plone (pip) May 17, 2022
SaltStack Salt Authentication Bypass when using the local_batch client from salt-api High
CVE-2017-5192 was published for salt (pip) May 17, 2022
Apache Geode gfsh query vulnerability Moderate
CVE-2017-9794 was published for org.apache.geode:geode-core (Maven) May 17, 2022
Laravel Sensitive Data Exposure Moderate
CVE-2017-14775 was published for illuminate/auth (Composer) May 17, 2022
Improper Restriction of XML External Entity Reference in Jelly Critical
CVE-2017-12621 was published for commons-jelly:commons-jelly (Maven) May 17, 2022
Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs Moderate
CVE-2017-1000094 was published for org.jenkins-ci.plugins:docker-commons (Maven) May 17, 2022
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery High
CVE-2017-1000093 was published for org.jenkins-ci.plugins:pollscm (Maven) May 17, 2022
Cross-Site Request Forgery in Jenkins Git Plugin High
CVE-2017-1000092 was published for org.jenkins-ci.plugins:git (Maven) May 17, 2022
Jenkins GitHub Branch Source Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2017-1000091 was published for org.jenkins-ci.plugins:github-branch-source (Maven) May 17, 2022
Exposure of Sensitive Information in Jenkins Datadog plugin Low
CVE-2017-1000114 was published for org.datadog.jenkins.plugins:datadog (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API