GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
113,773 advisories
Filter by severity
Drupal access bypass vulnerability
Moderate
CVE-2017-6928
was published
for
drupal/core
(Composer)
May 13, 2022
Drupal core access bypass vulnerability
Moderate
CVE-2017-6922
was published
for
drupal/core
(Composer)
May 13, 2022
Drupal Core Cross-site scripting vulnerability
Moderate
CVE-2020-13688
was published
for
drupal/core
(Composer)
May 24, 2022
Drupal Core Access bypass vulnerability
Moderate
CVE-2020-13667
was published
for
drupal/core
(Composer)
May 24, 2022
Drupal Core Open Redirect vulnerability
Moderate
CVE-2020-13662
was published
for
drupal/core
(Composer)
May 24, 2022
Drupal Core Cross-site scripting vulnerability
Moderate
CVE-2020-13666
was published
for
drupal/core
(Composer)
May 24, 2022
Drupal CRLF injection vulnerability in the drupal_set_header function
Moderate
CVE-2016-3166
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Cross-site scripting (XSS) vulnerability
Moderate
CVE-2016-7571
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Unprivileged access to config export
Moderate
CVE-2016-7572
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal sensitive information disclosure
Moderate
CVE-2016-9449
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal cross site scripting vulnerability
Moderate
CVE-2017-6929
was published
for
drupal/core
(Composer)
May 14, 2022
Drupal external link injection vulnerability
Moderate
CVE-2017-6932
was published
for
drupal/core
(Composer)
May 14, 2022
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could...
Moderate
Unreviewed
CVE-2024-21972
was published
Apr 23, 2024
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could...
Moderate
Unreviewed
CVE-2024-21979
was published
Apr 23, 2024
Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags
Moderate
CVE-2021-33295
was published
for
joplin
(npm)
Jun 17, 2022
Joplin Vulnerable to Cross-site Scripting in Note Content
Moderate
CVE-2018-1000534
was published
for
joplin
(npm)
May 14, 2022
Joplin vulnerable to Cross-site Scripting in notes
Moderate
CVE-2021-37916
was published
for
joplin
(npm)
May 24, 2022
Keycloak users may be able to remove MFA from other users' devices
Moderate
CVE-2020-10686
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Keycloak Insufficient Session Expiry
Moderate
CVE-2020-1724
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
OpenCart Path Traversal
Moderate
CVE-2018-11495
was published
for
opencart/opencart
(Composer)
May 14, 2022
QuickApps CMS Cross-site Scripting
Moderate
CVE-2017-1000495
was published
for
quickapps/cms
(Composer)
May 14, 2022
Paymorrow Improper Input Validation vulnerability
Moderate
CVE-2018-14020
was published
for
oxid-esales/paymorrow-module
(Composer)
May 13, 2022
Yab Quarx persistent cross-site scripting vulnerability
Moderate
CVE-2018-7274
was published
for
yab/quarx
(Composer)
May 13, 2022
Drupal file REST resource does not properly validate
Moderate
CVE-2017-6921
was published
for
drupal/core
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API