
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

321 advisories

EC-CUBE vulnerable to authorization bypass Moderate
CVE-2014-0808 was published for ec-cube/ec-cube (Composer) May 17, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check Moderate
CVE-2013-6396 was published for python-swiftclient (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JGroup Moderate
CVE-2013-4112 was published for org.jgroups:jgroups (Maven) May 17, 2022
OpenStack Swift Discloses Secret URLs to Timing Attack Moderate
CVE-2014-0006 was published for swift (pip) May 17, 2022
OpenStack Nova Router metadata queries are not restricted by tenant Moderate
CVE-2013-6419 was published for nova (pip) May 17, 2022
SOAPpy vulnerable to XML External Entity attacks Moderate
CVE-2014-3242 was published for SOAPpy (pip) May 17, 2022
SOAPpy vulnerable to XXE attacks Moderate
CVE-2014-3243 was published for SOAPpy (pip) May 17, 2022
TYPO3 Improper Session Invalidation Moderate
CVE-2014-3944 was published for typo3/cms (Composer) May 17, 2022
Typo3 Information Disclosure Moderate
CVE-2014-3946 was published for typo3/cms (Composer) May 17, 2022
PHPExcel vulnerable to XXE attacks through libxml Moderate
CVE-2014-2054 was published for phpoffice/phpexcel (Composer) May 17, 2022
OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability Moderate
CVE-2014-0162 was published for glance (pip) May 17, 2022
OpenStack Neutron Improper Authentication vulnerability Moderate
CVE-2014-0056 was published for neutron (pip) May 17, 2022
ImpressCMS Cross-site scripting Vulnerability Moderate
CVE-2014-4036 was published for impresscms/impresscms (Composer) May 17, 2022
Djblets Cross-site scripting Vulnerability Moderate
CVE-2014-3995 was published for djblets (pip) May 17, 2022
OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests Moderate
CVE-2014-0167 was published for nova (pip) May 17, 2022
Apache Solr UpdateRequestHandler for XML resolves XML External Entities Moderate
CVE-2013-6407 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
XML Injection in Apache Solr Moderate
CVE-2013-6408 was published for org.apache.solr:solr-core (Maven) May 17, 2022
MarkLee131
Fat Free CRM subject to Cross-site Scripting Moderate
CVE-2014-5441 was published for fat_free_crm (RubyGems) May 17, 2022
Cross-Site Request Forgery in Jolokia Moderate
CVE-2014-0168 was published for org.jolokia:jolokia-core (Maven) May 17, 2022
Plone is vulnerable to denial of service Moderate
CVE-2012-5499 was published for Plone (pip) May 17, 2022
Plone User account enumeration via crafted URL Moderate
CVE-2012-5497 was published for plone (pip) May 17, 2022
tdunlap607
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events Moderate
CVE-2014-5252 was published for keystone (pip) May 17, 2022
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events Moderate
CVE-2014-5251 was published for keystone (pip) May 17, 2022
OpenStack Keystone Domain-scoped tokens don't get revoked Moderate
CVE-2014-5253 was published for keystone (pip) May 17, 2022
Plone contains Cross-site Request Forgery Moderate
CVE-2012-5500 was published for plone (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API