Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,444 advisories

Loading
OpenStack Nova Router metadata queries are not restricted by tenant Moderate
CVE-2013-6419 was published for nova (pip) May 17, 2022
OpenStack Nova Long server names grow nova-api log files significantly Moderate
CVE-2012-1585 was published for nova (pip) May 14, 2022
OpenStack Cinder Denial of Service using XML entities Moderate
CVE-2013-4202 was published for cinder (pip) May 14, 2022
OpenStack Cinder file disclosure in image convert Moderate
CVE-2015-1851 was published for cinder (pip) May 17, 2022
openstack-neutron uncontrolled resource consumption flaw Moderate
CVE-2022-3277 was published for neutron (pip) Mar 7, 2023
openstack-barbican Denial of Service vulnerability Moderate
CVE-2022-23452 was published for barbican (pip) Sep 2, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability Moderate
CVE-2015-3219 was published for horizon (pip) May 17, 2022
Openstack DBaaS (Trove) Improper Link Resolution Before File Access Moderate
CVE-2015-3156 was published for trove (pip) May 17, 2022
OpenStack Horizon Cross-site scripting (XSS) vulnerability Moderate
CVE-2012-2094 was published for horizon (pip) May 17, 2022
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events Moderate
CVE-2014-5252 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events Moderate
CVE-2014-5251 was published for keystone (pip) May 17, 2022
OpenStack Keystone Domain-scoped tokens don't get revoked Moderate
CVE-2014-5253 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user Moderate
CVE-2013-2059 was published for keystone (pip) May 17, 2022
OpenStack Nova VMware instance leak potentially leading to compute DoS Moderate
CVE-2014-8333 was published for nova (pip) May 14, 2022
OpenStack Nova host data access through resize/migration Moderate
CVE-2016-2140 was published for nova (pip) May 14, 2022
OpenStack Nova Potential Xen connection password leak via StorageError Moderate
CVE-2015-8749 was published for nova (pip) May 14, 2022
OpenStack Nova Multiple directory traversal vulnerabilities Moderate
CVE-2011-4596 was published for nova (pip) May 14, 2022
OpenStack Nova Denial of Service in network source security groups Moderate
CVE-2013-4185 was published for nova (pip) May 14, 2022
OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function Moderate
CVE-2013-1838 was published for nova (pip) May 17, 2022
OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend Moderate
CVE-2014-2237 was published for keystone (pip) May 17, 2022
OpenStack Compute (Nova) Improper Input Validation Moderate
CVE-2012-2654 was published for nova (pip) May 17, 2022
OpenStack Identity Keystone Improper Access Control Moderate
CVE-2016-4911 was published for keystone (pip) May 17, 2022
OpenStack Compute (Nova) Improper Access Control Moderate
CVE-2015-2687 was published for nova (pip) May 17, 2022
OpenStack Nova DoS through ephemeral disk backing files Moderate
CVE-2013-6437 was published for nova (pip) May 14, 2022
OpenStack Nova instance migration process does not stop when instance is deleted Moderate
CVE-2015-3241 was published for nova (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API