GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20,135 advisories
Paste Script has improper group memberships permissions (Moderate): CVE-2012-0878 was published for pastescript (pip) on May 17, 2022
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page (Low): CVE-2012-4345 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022
Django Allows Redirect via Data URL (Moderate): CVE-2012-3442 was published for django (pip) on May 17, 2022
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer (High): CVE-2012-3444 was published for Django (pip) on May 17, 2022
Django Image Field Vulnerable to Image Decompression Bombs (High): CVE-2012-3443 was published for Django (pip) on May 17, 2022
Zend Framework XXE Vulnerability (Moderate): CVE-2012-5657 was published for zendframework/zendframework1 (Composer) on May 17, 2022
Zend Framework XEE Vulnerability (Moderate): CVE-2012-6532 was published for zendframework/zendframework1 (Composer) on May 17, 2022
Django Allows Arbitrary URL Generation (High): CVE-2012-4520 was published for django (pip) on May 17, 2022
XML Entity Expansion (XEE) in Django (Moderate): CVE-2013-1664 was published for Django (pip) on May 17, 2022
XML External Entity (XXE) in Django (Moderate): CVE-2013-1665 was published for Django (pip) on May 17, 2022
TYPO3 SQL injection vulnerability in the Extbase Framework (High): CVE-2013-1842 was published for typo3/cms-core (Composer) on May 17, 2022
TYPO3 Open redirect vulnerability in the Access tracking mechanism (Moderate): CVE-2013-1843 was published for typo3/cms-core (Composer) on May 17, 2022
Apache Rave information disclosure vulnerability (Moderate): CVE-2013-1814 was published for org.apache.rave:rave-core (Maven) on May 17, 2022
phpMyAdmin Global variables scope injection vulnerability (Moderate): CVE-2013-4729 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022
Lift Sensitive Information Disclosure (Moderate): CVE-2013-3300 was published for net.liftweb:lift-webkit (Maven) on May 17, 2022
CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references (High): CVE-2012-4399 was published for cakephp/cakephp (Composer) on May 17, 2022
phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities (Moderate): CVE-2013-4997 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022
Rack-Cache caches sensitive headers (Moderate): CVE-2012-2671 was published for rack-cache (RubyGems) on May 17, 2022
Eucalyptus Unauthorized Access to CC/NC Log Files (Moderate): CVE-2013-4766 was published for org.jclouds.api:eucalyptus (Maven) on May 17, 2022
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors (Low): CVE-2013-4278 was published for nova (pip) on May 17, 2022
pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository (Moderate): CVE-2013-1630 was published for pyshop (pip) on May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function (Critical): CVE-2013-5093 was published for graphite-web (pip) on May 17, 2022
graphite-web is vulnerable to Remote Code Execution (Critical): CVE-2013-5942 was published for graphite-web (pip) on May 17, 2022
Improper Neutralization of Input During Web Page Generation in JavaMelody (Moderate): CVE-2013-4378 was published for net.bull.javamelody:javamelody-core (Maven) on May 17, 2022