GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
20,135 advisories
Improper Authentication in OpenSAML
Moderate: CVE-2011-1411 was published for org.opensaml:opensaml (Maven), May 17, 2022

Setuptools vulnerable to Man-in-the-middle attacks
High: CVE-2013-1633 was published for setuptools (pip), May 17, 2022

FriendsOfSymfony FOSUserBundle denial of service via login form
Moderate: CVE-2013-5750 was published for friendsofsymfony/user-bundle (Composer), May 17, 2022

Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
Moderate: CVE-2011-2731 was published for org.springframework.security:spring-security-core (Maven), May 17, 2022

Apache Shindig PHP Sensitive Information Disclosure
Moderate: CVE-2013-4295 was published for org.apache.shindig:shindig-php (Maven), May 17, 2022

Apache Sling Auth Core bundle vulnerable to Open Redirection
Moderate: CVE-2013-4390 was published for org.apache.sling:org.apache.sling.auth.core (Maven), May 17, 2022

PyCrypto does not properly reseed PRNG before allowing access
Moderate: CVE-2013-1445 was published for pycrypto (pip), May 17, 2022

Rack Gem Subject to Denial of Service via Hash Collisions
Moderate: CVE-2011-5036 was published for org.jruby:jruby-parent (RubyGems), May 17, 2022

OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Low: CVE-2013-4183 was published for cinder (pip), May 17, 2022

OpenStack Swift allows authenticated users to cause a denial of service
Moderate: CVE-2013-4155 was published for swift (pip), May 17, 2022

OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
Moderate: CVE-2013-4179 was published for nova (pip), May 17, 2022

OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
Moderate: CVE-2013-4294 was published for keystone (pip), May 17, 2022

Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
Moderate: CVE-2013-6289 was published for apache-solr-for-typo3/solr (Composer), May 17, 2022

Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Critical: CVE-2013-6288 was published for apache-solr-for-typo3/solr (Composer), May 17, 2022

SaltStack Privilege Escalation vulnerability
High: CVE-2013-6617 was published for salt (pip), May 17, 2022

Tiki Wiki CMS Groupware Cross-site scripting (XSS) vulnerability
Moderate: CVE-2013-4714 was published for tikiwiki/tiki-manager (Composer), May 17, 2022

OpenStack Compute Nova Improper Access Control
Moderate: CVE-2013-4497 was published for nova (pip), May 17, 2022

Minion identity not validated in saltstack
Moderate: CVE-2013-4439 was published for salt (pip), May 17, 2022

Salt has insufficient argument validation in several modules
Moderate: CVE-2013-4435 was published for salt (pip), May 17, 2022

phpMyAdmin Remote Code Execution
High: CVE-2013-3239 was published for phpmyadmin/phpmyadmin (Composer), May 17, 2022

Tryton Directory Traversal vulnerability
High: CVE-2013-4510 was published for trytond (pip), May 17, 2022

Apache Struts is vulnerable to Cross-site Scripting
Moderate: CVE-2013-6348 was published for org.apache.struts:struts2-core (Maven), May 17, 2022

OpenStack Keystone Improper Authentication vulnerability
Moderate: CVE-2013-1865 was published for keystone (pip), May 17, 2022

ProTip! Advisories are also available from the GraphQL API.