GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20,135 advisories
MoinMoin cross-site scripting (XSS) vulnerability
Moderate | CVE-2010-2969 was published for moin (pip) | May 17, 2022

Zope Denial of Service (DoS) vulnerability in ZServer
Moderate | CVE-2010-3198 was published for Zope (pip) | May 17, 2022

Mako contains Cross-site Scripting vulnerability
Moderate | CVE-2010-2480 was published for mako (pip) | May 17, 2022

Drupal cross-site scripting vulnerability via actions feature and trigger module
Low | CVE-2010-3094 was published for drupal/drupal (Composer) | May 17, 2022

Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib
Moderate | CVE-2010-3494 was published for pyftpdlib (pip) | May 17, 2022

Improper Authentication in pyftpdlib
High | CVE-2008-7263 was published for pyftpdlib (pip) | May 17, 2022

Directory traversal in pyftpdlib
Moderate | CVE-2008-7262 was published for pyftpdlib (pip) | May 17, 2022

Improper input validation in pyftpdlib
Moderate | CVE-2008-7264 was published for pyftpdlib (pip) | May 17, 2022

TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
Moderate | CVE-2010-3715 was published for typo3/cms-backend (Composer) | May 17, 2022

Improper Authentication in Apache MyFaces
Moderate | CVE-2010-2057 was published for org.apache.myfaces.core:myfaces-impl (Maven) | May 17, 2022

Cobbler is vulnerable to code injection
High | CVE-2010-2235 was published for cobbler (pip) | May 17, 2022

Paste is vulnerable to Cross-site Scripting via vectors involving a 404 status code
Moderate | CVE-2010-2477 was published for paste (pip) | May 17, 2022

Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP
High | CVE-2010-3708 was published for org.drools:drools-core (Maven) | May 17, 2022

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
High | CVE-2010-4335 was published for cakephp/cakephp (Composer) | May 17, 2022

Zope Object Database Denial of Service vulnerability
Moderate | CVE-2010-3495 was published for zodb3 (pip) | May 17, 2022

phpMyAdmin unsafely handles temporary files
High | CVE-2008-7252 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022

PyWebDAV SQL Injection vulnerability
High | CVE-2011-0432 was published for pywebdav (pip) | May 17, 2022

Apache Struts Multiple XSS Vulnerabilities
Moderate | CVE-2011-2087 was published for org.apache.struts:struts2-parent (Maven) | May 17, 2022

Fabric vulnerable to symlink attack on tmp files
Moderate | CVE-2011-2185 was published for fabric (pip) | May 17, 2022

Apache Libcloud does not verify SSL certificates for HTTPS connections
High | CVE-2010-4340 was published for apache-libcloud (pip) | May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
Moderate | CVE-2011-1498 was published for org.apache.httpcomponents:httpclient (Maven) | May 17, 2022

Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
High | CVE-2011-4030 was published for Plone (pip) | May 17, 2022

OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Low | CVE-2011-4457 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) | May 17, 2022
ProTip! Advisories are also available from the GraphQL API.