GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
19,536 advisories
NodeBB Cross-site Scripting Vulnerability in Markdown Processing
Moderate. CVE-2015-3296 was published for nodebb (npm) on May 17, 2022

Moodle sensitive information disclosure
Moderate. CVE-2017-12157 was published for moodle/moodle (Composer) on May 17, 2022

CodeIgniter and Kohana vulnerable to PHP Object Injection
Critical. CVE-2014-8684 was published for codeigniter/framework (Composer) on May 17, 2022

GeniXCMS Cross-site Scripting (XSS) via id parameter
Moderate. CVE-2017-14762 was published for genix/cms (Composer) on May 17, 2022

Deserialization of Untrusted Data in Apache Brooklyn
High. CVE-2016-8744 was published for org.apache.brooklyn:brooklyn (Maven) on May 17, 2022

Improper Neutralization of Input During Web Page Generation in IPython
Moderate. CVE-2015-4706 was published for ipython (pip) on May 17, 2022

GeniXCMS arbitrary PHP code execution
High. CVE-2017-14764 was published for genix/cms (Composer) on May 17, 2022

GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter
Moderate. CVE-2017-14761 was published for genix/cms (Composer) on May 17, 2022

GeniXCMS Cross-site Scripting (XSS) via the Menu ID field
Moderate. CVE-2017-14765 was published for genix/cms (Composer) on May 17, 2022

Django denial of service via empty session record creation
Moderate. CVE-2015-5963 was published for django (pip) on May 17, 2022

Plone Cross-site Scripting Vulnerability
Moderate. CVE-2015-7316 was published for plone (pip) on May 17, 2022

Plone unauthorized member addition vulnerability
Moderate. CVE-2015-7315 was published for Products.CMFPlone (pip) on May 17, 2022

IPython vulnerable to cross site request forgery (CSRF)
High. CVE-2015-5607 was published for ipython (pip) on May 17, 2022

eGroupware Community Edition Stored XSS vulnerability
Moderate. CVE-2017-14920 was published for egroupware/egroupware (Composer) on May 17, 2022

Plone vulnerable to cross-site request forgery
High. CVE-2015-7293 was published for Plone (pip) on May 17, 2022

SaltStack Salt Authentication Bypass when using the local_batch client from salt-api
High. CVE-2017-5192 was published for salt (pip) on May 17, 2022

Apache Geode gfsh query vulnerability
Moderate. CVE-2017-9794 was published for org.apache.geode:geode-core (Maven) on May 17, 2022

Laravel Sensitive Data Exposure
Moderate. CVE-2017-14775 was published for illuminate/auth (Composer) on May 17, 2022

Improper Restriction of XML External Entity Reference in Jelly
Critical. CVE-2017-12621 was published for commons-jelly:commons-jelly (Maven) on May 17, 2022

Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs
Moderate. CVE-2017-1000094 was published for org.jenkins-ci.plugins:docker-commons (Maven) on May 17, 2022

Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
High. CVE-2017-1000093 was published for org.jenkins-ci.plugins:pollscm (Maven) on May 17, 2022

Cross-Site Request Forgery in Jenkins Git Plugin
High. CVE-2017-1000092 was published for org.jenkins-ci.plugins:git (Maven) on May 17, 2022

Jenkins GitHub Branch Source Plugin vulnerable to Cross-Site Request Forgery
Moderate. CVE-2017-1000091 was published for org.jenkins-ci.plugins:github-branch-source (Maven) on May 17, 2022

Exposure of Sensitive Information in Jenkins Datadog plugin
Low. CVE-2017-1000114 was published for org.datadog.jenkins.plugins:datadog (Maven) on May 17, 2022
ProTip! Advisories are also available from the GraphQL API.