GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,793
Erlang: 29
GitHub Actions: 16
Go: 1,710
Maven: 4,947
npm: 3,475
NuGet: 605
pip: 3,001
Pub: 10
RubyGems: 828
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
19,000 advisories
Ansible Arbitrary File Overwrite Vulnerability
Severity: Low. CVE-2013-4260 was published for ansible (pip) May 14, 2022

Ruby OpenSSL DoS Vulnerability
Severity: High. CVE-2017-14033 was published for openssl (RubyGems) May 14, 2022

ThinkPHP SQL Injection vulnerability
Severity: Critical. CVE-2018-16385 was published for topthink/framework (Composer) May 14, 2022

ChakraCore information disclosure vulnerability
Severity: Moderate. CVE-2018-8315 was published for Microsoft.ChakraCore (NuGet) May 14, 2022

Pimcore XSS Vulnerability
Severity: Moderate. CVE-2018-14059 was published for pimcore/pimcore (Composer) May 14, 2022

XML External Entity Reference in Apache Cayenne
Severity: High. CVE-2018-11758 was published for org.apache.cayenne:cayenne-parent (Maven) May 14, 2022

Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
Severity: Moderate. CVE-2018-1000665 was published for org.dojotoolkit:dojo (Maven) May 14, 2022

Subrion Cross-site scripting (XSS) vulnerability
Severity: Moderate. CVE-2017-10795 was published for intelliants/subrion (Composer) May 14, 2022

Subrion CMS CSRF Vulnerability
Severity: High. CVE-2017-15063 was published for intelliants/subrion (Composer) May 14, 2022

Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery
Severity: High. CVE-2018-15121 was published for Auth0-ASPNET-Owin (NuGet) May 14, 2022

Subrion CMS PHP Object Injection
Severity: Critical. CVE-2017-5543 was published for intelliants/subrion (Composer) May 14, 2022

Subrion CMS Cross-site scripting in search
Severity: Moderate. CVE-2014-9120 was published for intelliants/subrion (Composer) May 14, 2022

Subrion CMS Cross-site Scripting
Severity: Moderate. CVE-2018-14840 was published for intelliants/subrion (Composer) May 14, 2022

Subrion CMS Stored Cross-site Scripting (XSS)
Severity: Moderate. CVE-2018-15563 was published for intelliants/subrion (Composer) May 14, 2022

Subrion Cross-site Scripting (XSS)
Severity: Moderate. CVE-2018-16327 was published for intelliants/subrion (Composer) May 14, 2022

Wallabag cross-site scripting (XSS) vulnerability
Severity: Moderate. CVE-2018-11352 was published for wallabag/wallabag (Composer) May 14, 2022

Mingsoft MCMS CSRF vulnerability
Severity: High. CVE-2018-17366 was published for net.mingsoft:ms-mcms (Maven) May 14, 2022

OpenStack Nova Long server names grow nova-api log files significantly
Severity: Moderate. CVE-2012-1585 was published for nova (pip) May 14, 2022

XWiki XSS Vulnerability
Severity: Moderate. CVE-2018-16277 was published for org.xwiki.platform:xwiki-platform (Maven) May 14, 2022

OpenStack Nova Denial of Service in network source security groups
Severity: Moderate. CVE-2013-4185 was published for nova (pip) May 14, 2022

OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Severity: Moderate. CVE-2014-3517 was published for nova (pip) May 14, 2022

OpenStack Nova Multiple directory traversal vulnerabilities
Severity: Moderate. CVE-2011-4596 was published for nova (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API