Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,869
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,123 advisories

Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data Moderate
CVE-2011-2894 was published for org.springframework.security:spring-security-core (Maven) May 14, 2022
sunSUNQ
Plone Open Redirection vulnerability via next parameter Moderate
CVE-2013-4200 was published for Plone (pip) May 14, 2022
Improper Neutralization of Input During Web Page Generation in Mojarra Moderate
CVE-2013-5855 was published for org.glassfish:javax.faces (Maven) May 14, 2022
Improper Neutralization of Input During Web Page Generation in JAMon Moderate
CVE-2013-6235 was published for com.jamonapi:jamon (Maven) May 14, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node Low
CVE-2013-6480 was published for apache-libcloud (pip) May 14, 2022
DOMPDF Arbitrary File Read Moderate
CVE-2014-2383 was published for dompdf/dompdf (Composer) May 14, 2022
Cobbler Path Traversal vulnerability Moderate
CVE-2014-3225 was published for cobbler (pip) May 14, 2022
Apache Syncope uses a weak PNRG Moderate
CVE-2014-3503 was published for org.apache.syncope:syncope (Maven) May 14, 2022
Cross-site scripting in Elasticsearch Moderate
CVE-2014-6439 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Cross-Site Request Forgery in Apache Struts Moderate
CVE-2014-7809 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
sunSUNQ
Improper Neutralization of Special Elements used in a Command in Apache Cassandra High
CVE-2015-0225 was published for org.apache.cassandra:apache-cassandra (Maven) May 14, 2022
Improper Access Control in Elasticsearch High
CVE-2015-1427 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Improper Input Validation in Apache Jackrabbit Moderate
CVE-2015-1833 was published for org.apache.jackrabbit:jackrabbit-core (Maven) May 14, 2022
MarkLee131
Fat Free CRM Cross-Site Request Forgery vulnerability Moderate
CVE-2015-1585 was published for fat_free_crm (RubyGems) May 14, 2022
tdunlap607
Apache Storm remote code execution vulnerability Critical
CVE-2015-3188 was published for org.apache.storm:storm (Maven) May 14, 2022
Improper Access Control in Elasticsearch High
CVE-2015-4165 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Silverstripe CMS Open Redirect Moderate
CVE-2015-5062 was published for silverstripe/cms (Composer) May 14, 2022
TYPO3 cross-site scripting (XSS) Low
CVE-2015-5956 was published for typo3/cms (Composer) May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch Moderate
CVE-2015-5531 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Apache James Server OS Command Injection High
CVE-2015-7611 was published for org.apache.james:james-server (Maven) May 14, 2022
Symfony Session Fixation Vulnerability Low
CVE-2015-8124 was published for symfony/security (Composer) May 14, 2022
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter High
CVE-2015-8379 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84
Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post High
CVE-2016-0956 was published for org.apache.sling:org.apache.sling.servlets.post (Maven) May 14, 2022
Apache OpenMeetings Cross-site Scripting vulnerability Moderate
CVE-2016-2163 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file High
CVE-2016-2164 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API