
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,135 advisories

MoinMoin cross-site scripting (XSS) vulnerability Moderate
CVE-2010-2969 was published for moin (pip) May 17, 2022
Zope Denial of Service (DoS) vulnerability in ZServer Moderate
CVE-2010-3198 was published for Zope (pip) May 17, 2022
Mako contains Cross-site Scripting vulnerability Moderate
CVE-2010-2480 was published for mako (pip) May 17, 2022
Drupal cross-site scripting vulnerability via actions feature and trigger module Low
CVE-2010-3094 was published for drupal/drupal (Composer) May 17, 2022
Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib Moderate
CVE-2010-3494 was published for pyftpdlib (pip) May 17, 2022
Improper Authentication in pyftpdlib High
CVE-2008-7263 was published for pyftpdlib (pip) May 17, 2022
Directory traversal in pyftpdlib Moderate
CVE-2008-7262 was published for pyftpdlib (pip) May 17, 2022
Improper input validation in pyftpdlib Moderate
CVE-2008-7264 was published for pyftpdlib (pip) May 17, 2022
TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend Moderate
CVE-2010-3715 was published for typo3/cms-backend (Composer) May 17, 2022
Improper Authentication in Apache MyFaces Moderate
CVE-2010-2057 was published for org.apache.myfaces.core:myfaces-impl (Maven) May 17, 2022
Cobbler is vulnerable to code injection High
CVE-2010-2235 was published for cobbler (pip) May 17, 2022
Paste is vulnerable to Cross-site Scripting via vectors involving a 404 status code Moderate
CVE-2010-2477 was published for paste (pip) May 17, 2022
Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP High
CVE-2010-3708 was published for org.drools:drools-core (Maven) May 17, 2022
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code High
CVE-2010-4335 was published for cakephp/cakephp (Composer) May 17, 2022
Zope Object Database Denial of Service vulnerability Moderate
CVE-2010-3495 was published for zodb3 (pip) May 17, 2022
phpMyAdmin unsafely handles temporary files High
CVE-2008-7252 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
PyWebDAV SQL Injection vulnerability High
CVE-2011-0432 was published for pywebdav (pip) May 17, 2022
Apache Struts Multiple XSS Vulnerabilities Moderate
CVE-2011-2087 was published for org.apache.struts:struts2-parent (Maven) May 17, 2022
Plone XSS Vulnerability Moderate
CVE-2011-1340 was published for plone (pip) May 17, 2022
Fabric vulnerable to symlink attack on tmp files Moderate
CVE-2011-2185 was published for fabric (pip) May 17, 2022
Apache Libcloud does not verify SSL certificates for HTTPS connections High
CVE-2010-4340 was published for apache-libcloud (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient Moderate
CVE-2011-1498 was published for org.apache.httpcomponents:httpclient (Maven) May 17, 2022
Zope Command Execution Vulnerability High
CVE-2011-3587 was published for zope2 (pip) May 17, 2022
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled Low
CVE-2011-4457 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) May 17, 2022