GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,980
Erlang: 29
GitHub Actions: 16
Go: 1,769
Maven: 4,994
npm: 3,540
NuGet: 616
pip: 3,113
Pub: 10
RubyGems: 838
Rust: 787
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
321 advisories
EC-CUBE vulnerable to authorization bypass
Moderate | CVE-2014-0808 was published for ec-cube/ec-cube (Composer) | May 17, 2022

Python Swift client is vulnerable to Missing SSL Certificate Check
Moderate | CVE-2013-6396 was published for python-swiftclient (pip) | May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in JGroup
Moderate | CVE-2013-4112 was published for org.jgroups:jgroups (Maven) | May 17, 2022

OpenStack Swift Discloses Secret URLs to Timing Attack
Moderate | CVE-2014-0006 was published for swift (pip) | May 17, 2022

OpenStack Nova Router metadata queries are not restricted by tenant
Moderate | CVE-2013-6419 was published for nova (pip) | May 17, 2022

SOAPpy vulnerable to XML External Entity attacks
Moderate | CVE-2014-3242 was published for SOAPpy (pip) | May 17, 2022

TYPO3 Improper Session Invalidation
Moderate | CVE-2014-3944 was published for typo3/cms (Composer) | May 17, 2022

Typo3 Information Disclosure
Moderate | CVE-2014-3946 was published for typo3/cms (Composer) | May 17, 2022

PHPExcel vulnerable to XXE attacks through libxml
Moderate | CVE-2014-2054 was published for phpoffice/phpexcel (Composer) | May 17, 2022

OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability
Moderate | CVE-2014-0162 was published for glance (pip) | May 17, 2022

OpenStack Neutron Improper Authentication vulnerability
Moderate | CVE-2014-0056 was published for neutron (pip) | May 17, 2022

ImpressCMS Cross-site scripting Vulnerability
Moderate | CVE-2014-4036 was published for impresscms/impresscms (Composer) | May 17, 2022

Djblets Cross-site scripting Vulnerability
Moderate | CVE-2014-3995 was published for djblets (pip) | May 17, 2022

OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests
Moderate | CVE-2014-0167 was published for nova (pip) | May 17, 2022

Apache Solr UpdateRequestHandler for XML resolves XML External Entities
Moderate | CVE-2013-6407 was published for org.apache.solr:solr-core (Maven) | May 17, 2022

XML Injection in Apache Solr
Moderate | CVE-2013-6408 was published for org.apache.solr:solr-core (Maven) | May 17, 2022

Fat Free CRM subject to Cross-site Scripting
Moderate | CVE-2014-5441 was published for fat_free_crm (RubyGems) | May 17, 2022

Cross-Site Request Forgery in Jolokia
Moderate | CVE-2014-0168 was published for org.jolokia:jolokia-core (Maven) | May 17, 2022

Plone is vulnerable to denial of service
Moderate | CVE-2012-5499 was published for Plone (pip) | May 17, 2022

Plone User account enumeration via crafted URL
Moderate | CVE-2012-5497 was published for plone (pip) | May 17, 2022

OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
Moderate | CVE-2014-5252 was published for keystone (pip) | May 17, 2022

OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
Moderate | CVE-2014-5251 was published for keystone (pip) | May 17, 2022

OpenStack Keystone Domain-scoped tokens don't get revoked
Moderate | CVE-2014-5253 was published for keystone (pip) | May 17, 2022

Plone contains Cross-site Request Forgery
Moderate | CVE-2012-5500 was published for plone (pip) | May 17, 2022

ProTip! Advisories are also available from the GraphQL API