GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,079 advisories
Filter by severity
MoinMoin Cross-site Scripting (XSS) vulnerability
Low
CVE-2011-1058
was published
for
moin
(pip)
May 17, 2022
Ajenti Cross-site scripting (XSS) vulnerability
Low
CVE-2014-2260
was published
for
ajenti
(pip)
May 17, 2022
ceph-deploy uses world-readable permissions on client.admin key
Low
CVE-2015-4053
was published
for
ceph-deploy
(pip)
May 17, 2022
Salt uses weak permissions on the cache data
Low
CVE-2015-8034
was published
for
salt
(pip)
May 17, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file
Low
CVE-2015-3010
was published
for
ceph-deploy
(pip)
May 17, 2022
httplib2 incorrectly checks SSL certificate
Low
CVE-2013-2037
was published
for
httplib2
(pip)
May 14, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability
Low
CVE-2010-0828
was published
for
moin
(pip)
May 2, 2022
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Low
CVE-2024-30261
was published
for
undici
(npm)
Apr 4, 2024
Mattermost fails to limit the size of a request path
Low
CVE-2024-22091
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost fails to fully validate role changes
Low
CVE-2024-4198
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Mattermost allows team admins to promote guests to team admins
Low
CVE-2024-4195
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
TYPO3 cross-site scripting (XSS)
Low
CVE-2015-5956
was published
for
typo3/cms
(Composer)
May 14, 2022
EC-CUBE Directory traversal vulnerability
Low
CVE-2022-40199
was published
for
ec-cube/ec-cube
(Composer)
Sep 28, 2022
keylime fails to flag device as untrusted when signature does not validate
Low
CVE-2023-3674
was published
for
keylime
(pip)
Jul 19, 2023
Caddy allows enumeration of Certificates and Hostnames
Low
CVE-2018-19148
was published
for
github.com/caddyserver/caddy
(Go)
May 14, 2022
CosmWasm affected by arithmetic overflows
Low
GHSA-8724-5xmm-w5xq
was published
for
cosmwasm-std
(Rust)
Apr 24, 2024
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Low
CVE-2024-27086
was published
for
Microsoft.Identity.Client
(NuGet)
Apr 16, 2024
OpenCart Cross-Site Request Forgery (CSRF)
Low
CVE-2020-28838
was published
for
opencart/opencart
(Composer)
May 24, 2022
MySQL Connectors Privilege Escalation
Low
CVE-2017-3590
was published
for
mysql-connector-python
(pip)
May 13, 2022
Generation of Error Message Containing Sensitive Information in Keycloak
Low
CVE-2020-1717
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
JADX file override vulnerability
Low
GHSA-hvp5-5x4f-33fq
was published
for
io.github.skylot:jadx-core
(Maven)
Apr 22, 2024
Authelia's Group Changes may not have the expected results (YAML file backend)
Low
GHSA-x883-2vmg-xwf7
was published
for
github.com/authelia/authelia/v4
(Go)
Apr 22, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Enabling Authentication does not close all logged in socket connections immediately
Low
GHSA-23q2-5gf8-gjpp
was published
for
uptime-kuma
(npm)
Apr 19, 2024
1Panel's password verification is suspected to have a timing attack vulnerability
Low
CVE-2024-30257
was published
for
github.com/1Panel-dev/1Panel
(Go)
Apr 18, 2024
ProTip!
Advisories are also available from the
GraphQL API