Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,000 advisories

Ansible Arbitrary File Overwrite Vulnerability Low
CVE-2013-4260 was published for ansible (pip) May 14, 2022
WEBrick RCE Vulnerability High
CVE-2017-10784 was published for webrick (RubyGems) May 14, 2022
brent-yearone drewblas
leviem1 orien aramprice intrigus-lgtm alagos longkt90 ChrisBAshton potsbo libussa
Ruby OpenSSL DoS Vulnerability High
CVE-2017-14033 was published for openssl (RubyGems) May 14, 2022
ChakraCore information disclosure vulnerability Moderate
CVE-2018-8315 was published for Microsoft.ChakraCore (NuGet) May 14, 2022
ThinkPHP SQL Injection vulnerability Critical
CVE-2018-16385 was published for topthink/framework (Composer) May 14, 2022
Pimcore XSS Vulnerability Moderate
CVE-2018-14059 was published for pimcore/pimcore (Composer) May 14, 2022
phpMyFAQ CSRF High
CVE-2018-16650 was published for thorsten/phpmyfaq (Composer) May 14, 2022
XML External Entity Reference in Apache Cayenne High
CVE-2018-11758 was published for org.apache.cayenne:cayenne-parent (Maven) May 14, 2022
Gogs XSS Vulnerability Moderate
CVE-2018-17031 was published for gogs.io/gogs (Go) May 14, 2022
Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness Moderate
CVE-2018-1000665 was published for org.dojotoolkit:dojo (Maven) May 14, 2022
Subrion Cross-site scripting (XSS) vulnerability Moderate
CVE-2017-10795 was published for intelliants/subrion (Composer) May 14, 2022
Subrion CMS CSRF Vulnerability High
CVE-2017-15063 was published for intelliants/subrion (Composer) May 14, 2022
Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery High
CVE-2018-15121 was published for Auth0-ASPNET-Owin (NuGet) May 14, 2022
klaudialax
Subrion CMS Cross-site scripting in search Moderate
CVE-2014-9120 was published for intelliants/subrion (Composer) May 14, 2022
Subrion CMS PHP Object Injection Critical
CVE-2017-5543 was published for intelliants/subrion (Composer) May 14, 2022
Subrion CMS Cross-site Scripting Moderate
CVE-2018-14840 was published for intelliants/subrion (Composer) May 14, 2022
Subrion CMS Stored Cross-site Scripting (XSS) Moderate
CVE-2018-15563 was published for intelliants/subrion (Composer) May 14, 2022
Subrion Cross-site Scripting (XSS) Moderate
CVE-2018-16327 was published for intelliants/subrion (Composer) May 14, 2022
Wallabag cross-site scripting (XSS) vulnerability Moderate
CVE-2018-11352 was published for wallabag/wallabag (Composer) May 14, 2022
Mingsoft MCMS CSRF vulnerability High
CVE-2018-17366 was published for net.mingsoft:ms-mcms (Maven) May 14, 2022
OpenStack Nova Long server names grow nova-api log files significantly Moderate
CVE-2012-1585 was published for nova (pip) May 14, 2022
XWiki XSS Vulnerability Moderate
CVE-2018-16277 was published for org.xwiki.platform:xwiki-platform (Maven) May 14, 2022
OpenStack Nova Denial of Service in network source security groups Moderate
CVE-2013-4185 was published for nova (pip) May 14, 2022
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3517 was published for nova (pip) May 14, 2022
OpenStack Nova Multiple directory traversal vulnerabilities Moderate
CVE-2011-4596 was published for nova (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API