GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,388 advisories
Filter by severity
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
Moderate
CVE-2015-5286
was published
for
glance
(pip)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Moderate
CVE-2015-1776
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
OpenStack keystonemiddleware does not verify certificate
Moderate
CVE-2014-7144
was published
for
keystonemiddleware
(pip)
May 17, 2022
Typo3 Open Redirect In Frontend Rendering
Moderate
CVE-2014-9508
was published
for
typo3/cms
(Composer)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting
Moderate
CVE-2014-5325
was published
for
org.directwebremoting:dwr
(Maven)
May 17, 2022
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
Moderate
CVE-2013-7073
was published
for
typo3/cms
(Composer)
May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation
Moderate
CVE-2013-6444
was published
for
pywbem
(pip)
May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation
Moderate
CVE-2013-6418
was published
for
pywbem
(pip)
May 17, 2022
PHP OpenID Library Denial of Service vulnerability
High
CVE-2013-4701
was published
for
openid/php-openid
(Composer)
May 17, 2022
Improper Authentication in Apache ActiveMQ
Moderate
CVE-2013-3060
was published
for
org.apache.activemq:activemq-client
(Maven)
May 17, 2022
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Low
CVE-2013-4347
was published
for
oauth2
(pip)
May 17, 2022
SimpleGeo python-oauth2 does not check the nonce allowing replay attacks
Moderate
CVE-2013-4346
was published
for
oauth2
(pip)
May 17, 2022
Apache ActiveMQ default configuration subject to denial of service
Moderate
CVE-2012-6551
was published
for
org.apache.activemq:activemq-web-demo
(Maven)
May 17, 2022
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
Moderate
CVE-2013-1880
was published
for
org.apache.activemq:activemq-core
(Maven)
May 17, 2022
Cross-site Scripting in Apache ActiveMQ
Moderate
CVE-2012-6092
was published
for
org.apache.activemq:activemq-core
(Maven)
May 17, 2022
Deserialization of Untrusted Data in Apache Tomcat
High
CVE-2013-2185
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Drupal Unprivileged access to config export
Moderate
CVE-2016-7572
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Cross-site scripting (XSS) vulnerability
Moderate
CVE-2016-7571
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
Moderate
CVE-2016-7570
was published
for
drupal/core
(Composer)
May 17, 2022
Apache Jackrabbit Authentication Hijacking Vulnerability
High
CVE-2016-6801
was published
for
org.apache.jackrabbit:jackrabbit-webdav
(Maven)
May 17, 2022
Tryton allows users to read the hashed password
Moderate
CVE-2016-1241
was published
for
trytond
(pip)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Moderate
CVE-2016-6345
was published
for
org.jboss.resteasy:resteasy-client
(Maven)
May 17, 2022
Eugene Pankov Ajenti Cross-site scripting Vulnerabilities
Moderate
CVE-2014-4301
was published
for
ajenti
(pip)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Requests
Moderate
CVE-2014-1829
was published
for
requests
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API