GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,135 advisories

Paste Script has improper group memberships permissions Moderate
CVE-2012-0878 was published for pastescript (pip) May 17, 2022
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page Low
CVE-2012-4345 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Django Allows Redirect via Data URL Moderate
CVE-2012-3442 was published for django (pip) May 17, 2022
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2012-3444 was published for Django (pip) May 17, 2022
sunSUNQ
Django Image Field Vulnerable to Image Decompression Bombs High
CVE-2012-3443 was published for Django (pip) May 17, 2022
MoinMoin Improper Access Control Moderate
CVE-2012-4404 was published for moin (pip) May 17, 2022
Zend Framework XXE Vulnerability Moderate
CVE-2012-5657 was published for zendframework/zendframework1 (Composer) May 17, 2022
Zend Framework XEE Vulnerability Moderate
CVE-2012-6532 was published for zendframework/zendframework1 (Composer) May 17, 2022
Django Allows Arbitrary URL Generation High
CVE-2012-4520 was published for django (pip) May 17, 2022
XML Entity Expansion (XEE) in Django Moderate
CVE-2013-1664 was published for Django (pip) May 17, 2022
MarkLee131
XML External Entity (XXE) in Django Moderate
CVE-2013-1665 was published for Django (pip) May 17, 2022
MarkLee131
TYPO3 SQL injection vulnerability in the Extbase Framework High
CVE-2013-1842 was published for typo3/cms-core (Composer) May 17, 2022
TYPO3 Open redirect vulnerability in the Access tracking mechanism Moderate
CVE-2013-1843 was published for typo3/cms-core (Composer) May 17, 2022
Apache Rave information disclosure vulnerability Moderate
CVE-2013-1814 was published for org.apache.rave:rave-core (Maven) May 17, 2022
q5438722
phpMyAdmin Global variables scope injection vulnerability Moderate
CVE-2013-4729 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Lift Sensitive Information Disclosure Moderate
CVE-2013-3300 was published for net.liftweb:lift-webkit (Maven) May 17, 2022
CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references High
CVE-2012-4399 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2013-4997 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Rack-Cache caches sensitive headers Moderate
CVE-2012-2671 was published for rack-cache (RubyGems) May 17, 2022
Eucalyptus Unauthorized Access to CC/NC Log Files Moderate
CVE-2013-4766 was published for org.jclouds.api:eucalyptus (Maven) May 17, 2022
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors Low
CVE-2013-4278 was published for nova (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function Critical
CVE-2013-5093 was published for graphite-web (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution Critical
CVE-2013-5942 was published for graphite-web (pip) May 17, 2022
Improper Neutralization of Input During Web Page Generation in JavaMelody Moderate
CVE-2013-4378 was published for net.bull.javamelody:javamelody-core (Maven) May 17, 2022
MarkLee131