GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20,135 advisories
Celery local privilege escalation vulnerability
Moderate
CVE-2011-4356 was published for celery (pip) on May 17, 2022
Denial of Service in Apache ActiveMQ
Moderate
CVE-2011-4905 was published for org.apache.activemq:activemq-core (Maven) on May 17, 2022
Cross-site Scripting in Apache Struts
Low
CVE-2011-1772 was published for org.apache.struts:struts2-core (Maven) on May 17, 2022
Virtualenv Allows Symlink Attack on /tmp/
Low
CVE-2011-4617 was published for virtualenv (pip) on May 17, 2022
phpMyAdmin Open Redirect in redirector
Moderate
CVE-2011-1941 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
Moderate
CVE-2011-3375 was published for org.apache.tomcat:tomcat (Maven) on May 17, 2022
Ejabberd DoS via malformed stanza
Moderate
CVE-2011-4320 was published for ejabberd (Erlang) on May 17, 2022
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) on May 17, 2022
Spree does not properly restrict the use of a hash to provide values for a model's attributes
Moderate
CVE-2008-7310 was published for spree (RubyGems) on May 17, 2022
Spree uses a hardcoded hash value
Moderate
CVE-2008-7311 was published for spree (RubyGems) on May 17, 2022
DOMPDF Remote File Inclusion Vulnerability
High
CVE-2010-4879 was published for dompdf/dompdf (Composer) on May 17, 2022
Roundup Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2010-2491 was published for roundup (pip) on May 17, 2022
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
High
CVE-2010-3714 was published for typo3/cms (Composer) on May 17, 2022
Apache Sling POST Servlets Denial of Service Vulnerability
Moderate
CVE-2012-2138 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) on May 17, 2022
Cobbler subject to Command Injection
High
CVE-2012-2395 was published for cobbler (pip) on May 17, 2022
Chef Improper Access Control vulnerability
Moderate
CVE-2010-5142 was published for chef (RubyGems) on May 17, 2022
OpenStack Nova Arbitrary file injection/corruption through directory traversal issues
Moderate
CVE-2012-3361 was published for nova (pip) on May 17, 2022
OpenStack Nova Directory traversal vulnerability
Moderate
CVE-2012-3360 was published for nova (pip) on May 17, 2022
phpMyAdmin Multiple XSS Vulnerabilities
Low
CVE-2012-4579 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022
OpenStack Nova Scheduler denial of service through scheduler_hints
Low
CVE-2012-3371 was published for Nova (pip) on May 17, 2022
Elixir can leak information due to weak use of crypto
High
CVE-2012-2146 was published for Elixir (pip) on May 17, 2022
Tornado CRLF injection vulnerability
Moderate
CVE-2012-2374 was published for tornado (pip) on May 17, 2022
Typo3 Backend XSS Vulnerabilities
Low
CVE-2012-1606 was published for typo3/cms (Composer) on May 17, 2022
Typo3 API XSS Vulnerabilities
Moderate
CVE-2012-1608 was published for typo3/cms (Composer) on May 17, 2022
Typo3 Extbase Framework Unsafe Deserialization
Moderate
CVE-2012-1605 was published for typo3/cms (Composer) on May 17, 2022
ProTip! Advisories are also available from the GraphQL API