GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,135 advisories

Celery local privilege escalation vulnerability Moderate
CVE-2011-4356 was published for celery (pip) May 17, 2022
Denial of Service in Apache ActiveMQ Moderate
CVE-2011-4905 was published for org.apache.activemq:activemq-core (Maven) May 17, 2022
Cross-site Scripting in Apache Struts Low
CVE-2011-1772 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
Virtualenv Allows Symlink Attack on /tmp/ Low
CVE-2011-4617 was published for virtualenv (pip) May 17, 2022
phpMyAdmin Open Redirect in redirector Moderate
CVE-2011-1941 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests Moderate
CVE-2011-3375 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Ejabberd DoS via malformed stanza Moderate
CVE-2011-4320 was published for ejabberd (Erlang) May 17, 2022
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) May 17, 2022
Spree does not properly restrict the use of a hash to provide values for a model's attributes Moderate
CVE-2008-7310 was published for spree (RubyGems) May 17, 2022
Spree uses a hardcoded hash value Moderate
CVE-2008-7311 was published for spree (RubyGems) May 17, 2022
DOMPDF Remote File Inclusion Vulnerability High
CVE-2010-4879 was published for dompdf/dompdf (Composer) May 17, 2022
Roundup Cross-site Scripting (XSS) vulnerability Moderate
CVE-2010-2491 was published for roundup (pip) May 17, 2022
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism High
CVE-2010-3714 was published for typo3/cms (Composer) May 17, 2022
Apache Sling POST Servlets Denial of Service Vulnerability Moderate
CVE-2012-2138 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) May 17, 2022
Cobbler subject to Command Injection High
CVE-2012-2395 was published for cobbler (pip) May 17, 2022
Chef Improper Access Control vulnerability Moderate
CVE-2010-5142 was published for chef (RubyGems) May 17, 2022
OpenStack Nova Arbitrary file injection/corruption through directory traversal issues Moderate
CVE-2012-3361 was published for nova (pip) May 17, 2022
OpenStack Nova Directory traversal vulnerability Moderate
CVE-2012-3360 was published for nova (pip) May 17, 2022
phpMyAdmin Multiple XSS Vulnerabilities Low
CVE-2012-4579 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
OpenStack Nova Scheduler denial of service through scheduler_hints Low
CVE-2012-3371 was published for Nova (pip) May 17, 2022
Elixir can leak information due to weak use of crypto High
CVE-2012-2146 was published for Elixir (pip) May 17, 2022
Tornado CRLF injection vulnerability Moderate
CVE-2012-2374 was published for tornado (pip) May 17, 2022
Typo3 Backend XSS Vulnerabilities Low
CVE-2012-1606 was published for typo3/cms (Composer) May 17, 2022
Typo3 API XSS Vulnerabilities Moderate
CVE-2012-1608 was published for typo3/cms (Composer) May 17, 2022
Typo3 Extbase Framework Unsafe Deserialization Moderate
CVE-2012-1605 was published for typo3/cms (Composer) May 17, 2022