GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,793
Erlang: 29
GitHub Actions: 16
Go: 1,710
Maven: 4,947
npm: 3,475
NuGet: 605
pip: 3,001
Pub: 10
RubyGems: 828
Rust: 773
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
19,000 advisories
OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting
Moderate | CVE-2014-0157 was published for horizon (pip) | May 14, 2022

phpMyAdmin full path disclosure vulnerability
Moderate | CVE-2016-5730 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

phpMyAdmin Cross-site scripting (XSS) vulnerability
Moderate | CVE-2016-5731 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

phpMyAdmin Denial Of Service (DOS) attack
High | CVE-2016-5706 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

Mercurial arbitrary code execution vulnerability
High | CVE-2016-3630 was published for mercurial (pip) | May 14, 2022

Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository
High | CVE-2016-3069 was published for mercurial (pip) | May 14, 2022

Mercurial arbitrary code execution via a crafted git ext:: URL
High | CVE-2016-3068 was published for mercurial (pip) | May 14, 2022

phpMyAdmin XSS Vulnerability
Moderate | CVE-2016-2040 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

phpMyAdmin Unsafe comparison of XSRF/CSRF token
High | CVE-2016-2041 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

Django Denial-of-service possibility with strip_tags
Moderate | CVE-2015-2316 was published for Django (pip) | May 14, 2022

Django cross-site scripting (XSS) attack via user-supplied redirect URLs
Moderate | CVE-2015-2317 was published for Django (pip) | May 14, 2022

Pillow denial of service via PNG bomb
Moderate | CVE-2014-9601 was published for pillow (pip) | May 14, 2022

Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command
High | CVE-2014-9462 was published for mercurial (pip) | May 14, 2022

phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page
Moderate | CVE-2014-8326 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

phpMyAdmin cross-site scripting vulnerability in crafted view name
Low | CVE-2014-5274 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

Pillow denial of service via Crafted Block Size
Moderate | CVE-2014-3589 was published for pillow (pip) | May 14, 2022

IPython Notebook vulnerable to improper validation of the origin of websocket requests
Moderate | CVE-2014-3429 was published for ipython (pip) | May 14, 2022

Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin
Moderate | CVE-2014-3598 was published for pillow (pip) | May 14, 2022

Jython Improper Access Restrictions vulnerability
Moderate | CVE-2013-2027 was published for org.python:jython-standalone (Maven) | May 14, 2022

simplejson before 2.6.1 vulnerable to array index error
Moderate | CVE-2014-4616 was published for simplejson (pip) | May 14, 2022

Django denial of service via file upload naming
Moderate | CVE-2014-0481 was published for django (pip) | May 14, 2022

Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Moderate | CVE-2015-6938 was published for ipython (pip) | May 14, 2022

Twig remote code execution in templates
High | CVE-2015-7809 was published for twig/twig (Composer) | May 14, 2022

Ansible uses a socket with predictable filename in /tmp
Low | CVE-2013-4259 was published for Ansible (pip) | May 14, 2022
ProTip! Advisories are also available from the GraphQL API.