GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,370 advisories

Cross-site Scripting in Apache Jetspeed Moderate
CVE-2016-0712 was published for org.apache.portals.jetspeed-2:jetspeed (Maven) May 17, 2022
Roundup sensitive data disclosure vulnerability Moderate
CVE-2014-6276 was published for roundup (pip) May 17, 2022
Path Traversal in Apache Jetspeed High
CVE-2016-0709 was published for org.apache.portals.jetspeed-2:jetspeed (Maven) May 17, 2022
Apache Ranger Access Restriction Bypass High
CVE-2016-0735 was published for org.apache.ranger:ranger (Maven) May 17, 2022
Drupal Open redirect vulnerability in the drupal_goto function High
CVE-2016-3167 was published for drupal/core (Composer) May 17, 2022
OpenStack TripleO Heat templates spoof metadata requests High
CVE-2015-5303 was published for tripleo-heat-templates (pip) May 17, 2022
Drupal Brute force amplification attacks via XML-RPC High
CVE-2016-3163 was published for drupal/core (Composer) May 17, 2022
Drupal sensitive information disclosure Moderate
CVE-2016-3170 was published for drupal/core (Composer) May 17, 2022
Drupal Reflected file download vulnerability Moderate
CVE-2016-3168 was published for drupal/core (Composer) May 17, 2022
Drupal saving user accounts can sometimes grant the user all roles High
CVE-2016-3169 was published for drupal/core (Composer) May 17, 2022
Drupal Form API ignores access restrictions on submit buttons High
CVE-2016-3165 was published for drupal/core (Composer) May 17, 2022
Drupal Open Redirect High
CVE-2016-3164 was published for drupal/core (Composer) May 17, 2022
Drupal CRLF injection vulnerability in the drupal_set_header function Moderate
CVE-2016-3166 was published for drupal/core (Composer) May 17, 2022
phpMyAdmin cross-site scripting Vulnerability via ENUM value Low
CVE-2014-7217 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache Solr Moderate
CVE-2015-8797 was published for org.apache.solr:solr-core (Maven) May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache Solr Moderate
CVE-2015-8795 was published for org.apache.solr:solr-core (Maven) May 17, 2022
Dolibarr ERP and CRM contain XSS Vulnerabilities Moderate
CVE-2016-1912 was published for dolibarr/dolibarr (Composer) May 17, 2022
Typo3 XSS Vulnerability Moderate
CVE-2015-8755 was published for typo3/cms (Composer) May 17, 2022
Joomla! Framework Remote Code Injection Vulnerability High
CVE-2015-8566 was published for joomla/session (Composer) May 17, 2022
Insecure Temporary File in Jinja2 Moderate
CVE-2014-0012 was published for Jinja2 (pip) May 17, 2022
Plone denial of service via Caching Bypass Moderate
CVE-2012-5498 was published for plone (pip) May 17, 2022
Cross-site Scripting in SmartyException Moderate
CVE-2012-4437 was published for smarty/smarty (Composer) May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining High
CVE-2014-2828 was published for keystone (pip) May 17, 2022
Apache Ambari Open Redirect Moderate
CVE-2015-5210 was published for org.apache.ambari:ambari (Maven) May 17, 2022
Apache Ambari SSRF Vulnerability Moderate
CVE-2015-1775 was published for org.apache.ambari:ambari (Maven) May 17, 2022