GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,370 advisories

Improper Input Validation in Apache Tomcat Moderate
CVE-2011-4858 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Arbitrary file write in Apache Commons Fileupload High
CVE-2013-2186 was published for commons-fileupload:commons-fileupload (Maven) May 14, 2022
Dolibarr SQL injection vulnerability in comm/multiprix.php Critical
CVE-2017-17897 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in adherents/subscription/info.php Critical
CVE-2017-17899 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr sensitive information disclosure High
CVE-2017-17898 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in fourn/index.php Critical
CVE-2017-17900 was published for dolibarr/dolibarr (Composer) May 14, 2022
Fork CMS XSS via Highlight Parameter Moderate
CVE-2012-1209 was published for forkcms/forkcms (Composer) May 14, 2022
Fork CMS XSS Vulnerability Moderate
CVE-2018-5215 was published for forkcms/forkcms (Composer) May 14, 2022
Dolibarr ERP and CRM contain XSS Vulnerability Moderate
CVE-2017-17971 was published for dolibarr/dolibarr (Composer) May 14, 2022
Passbolt API is vulnerable to XSS in the url field on the password workspace grid and sidebar Moderate
CVE-2017-1000442 was published for passbolt/passbolt_api (Composer) May 14, 2022
phpBB Server-Side Request Forgery (SSRF) High
CVE-2017-1000419 was published for phpbb/phpbb (Composer) May 14, 2022
Syncthing vulnerable to symlink traversal and arbitrary file overwrite High
CVE-2017-1000420 was published for github.com/syncthing/syncthing (Go) May 14, 2022
Stored XSS in LavaLite 5.2.4 Moderate
CVE-2017-1000467 was published for lavalite/cms (Composer) May 14, 2022
Shiba vulnerable to XSS leading to code execution Moderate
CVE-2017-1000491 was published for shiba (npm) May 14, 2022
Products.CMFPlone XSS in profile home_page property Moderate
CVE-2017-1000482 was published for Products.CMFPlone (pip) May 14, 2022
Cobbler vulnerable to arbitrary code execution Critical
CVE-2017-1000469 was published for cobbler (pip) May 14, 2022
QuickApps CMS Cross-site Scripting Moderate
CVE-2017-1000495 was published for quickapps/cms (Composer) May 14, 2022
XXE Vulnerability in XMLBundle 0.1.7 High
CVE-2017-1000477 was published for desperado/xml-bundle (Composer) May 14, 2022
eZ Publish Cross-site Scripting (XSS) vulnerability Moderate
CVE-2017-1000431 was published for ezsystems/ezpublish-legacy (Composer) May 14, 2022
Django Vulnerable to Cache Poisoning Moderate
CVE-2011-4139 was published for django (pip) May 14, 2022
Django Might Allow CSRF Requests via URL Verification Moderate
CVE-2011-4138 was published for Django (pip) May 14, 2022
SQLAlchemy vulnerable to SQL injection High
CVE-2012-0805 was published for SQLAlchemy (pip) May 14, 2022
Products.CMFPlone Open Redirect Vulnerability Moderate
CVE-2017-1000481 was published for Products.CMFPlone (pip) May 14, 2022
WPGlobus plugin Stored XSS & CSRF security vulnerability Moderate
CVE-2018-5362 was published for wpglobus/wpglobus (Composer) May 14, 2022
Shopware XSS Vulnerability Moderate
CVE-2017-15374 was published for shopware/shopware (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API