GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem:

| Ecosystem | Reviewed advisories |
| --- | --- |
| All reviewed | 5,000+ |
| Composer | 3,869 |
| Erlang | 29 |
| GitHub Actions | 16 |
| Go | 1,717 |
| Maven | 4,951 |
| npm | 3,480 |
| NuGet | 605 |
| pip | 3,026 |
| Pub | 10 |
| RubyGems | 832 |
| Rust | 776 |
| Swift | 34 |

Unreviewed advisories (all unreviewed): 5,000+
19,123 advisories
| Advisory | Severity | CVE | Package (ecosystem) | Published |
| --- | --- | --- | --- | --- |
| Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data | Moderate | CVE-2011-2894 | org.springframework.security:spring-security-core (Maven) | May 14, 2022 |
| Plone Open Redirection vulnerability via next parameter | Moderate | CVE-2013-4200 | Plone (pip) | May 14, 2022 |
| Improper Neutralization of Input During Web Page Generation in Mojarra | Moderate | CVE-2013-5855 | org.glassfish:javax.faces (Maven) | May 14, 2022 |
| Improper Neutralization of Input During Web Page Generation in JAMon | Moderate | CVE-2013-6235 | com.jamonapi:jamon (Maven) | May 14, 2022 |
| Libcloud does not properly scrub data when destroying a DigitalOcean node | Low | CVE-2013-6480 | apache-libcloud (pip) | May 14, 2022 |
| DOMPDF Arbitrary File Read | Moderate | CVE-2014-2383 | dompdf/dompdf (Composer) | May 14, 2022 |
| Cobbler Path Traversal vulnerability | Moderate | CVE-2014-3225 | cobbler (pip) | May 14, 2022 |
| Apache Syncope uses a weak PRNG | Moderate | CVE-2014-3503 | org.apache.syncope:syncope (Maven) | May 14, 2022 |
| Cross-site scripting in Elasticsearch | Moderate | CVE-2014-6439 | org.elasticsearch:elasticsearch (Maven) | May 14, 2022 |
| Cross-Site Request Forgery in Apache Struts | Moderate | CVE-2014-7809 | org.apache.struts:struts2-core (Maven) | May 14, 2022 |
| Improper Neutralization of Special Elements used in a Command in Apache Cassandra | High | CVE-2015-0225 | org.apache.cassandra:apache-cassandra (Maven) | May 14, 2022 |
| Improper Access Control in Elasticsearch | High | CVE-2015-1427 | org.elasticsearch:elasticsearch (Maven) | May 14, 2022 |
| Improper Input Validation in Apache Jackrabbit | Moderate | CVE-2015-1833 | org.apache.jackrabbit:jackrabbit-core (Maven) | May 14, 2022 |
| Fat Free CRM Cross-Site Request Forgery vulnerability | Moderate | CVE-2015-1585 | fat_free_crm (RubyGems) | May 14, 2022 |
| Apache Storm remote code execution vulnerability | Critical | CVE-2015-3188 | org.apache.storm:storm (Maven) | May 14, 2022 |
| Improper Access Control in Elasticsearch | High | CVE-2015-4165 | org.elasticsearch:elasticsearch (Maven) | May 14, 2022 |
| Silverstripe CMS Open Redirect | Moderate | CVE-2015-5062 | silverstripe/cms (Composer) | May 14, 2022 |
| TYPO3 cross-site scripting (XSS) | Low | CVE-2015-5956 | typo3/cms (Composer) | May 14, 2022 |
| Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch | Moderate | CVE-2015-5531 | org.elasticsearch:elasticsearch (Maven) | May 14, 2022 |
| Apache James Server OS Command Injection | High | CVE-2015-7611 | org.apache.james:james-server (Maven) | May 14, 2022 |
| Symfony Session Fixation Vulnerability | Low | CVE-2015-8124 | symfony/security (Composer) | May 14, 2022 |
| CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter | High | CVE-2015-8379 | cakephp/cakephp (Composer) | May 14, 2022 |
| Exposure of Sensitive Information to an Unauthorized Actor in Apache Sling Servlets Post | High | CVE-2016-0956 | org.apache.sling:org.apache.sling.servlets.post (Maven) | May 14, 2022 |
| Apache OpenMeetings Cross-site Scripting vulnerability | Moderate | CVE-2016-2163 | org.apache.openmeetings:openmeetings-parent (Maven) | May 14, 2022 |
| Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file | High | CVE-2016-2164 | org.apache.openmeetings:openmeetings-parent (Maven) | May 14, 2022 |
ProTip! Advisories are also available from the GraphQL API.