GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories:
All unreviewed: 5,000+
19,370 advisories
Improper Input Validation in Apache Tomcat (Moderate): CVE-2011-4858 was published for org.apache.tomcat:tomcat (Maven) on May 14, 2022.
Arbitrary file write in Apache Commons Fileupload (High): CVE-2013-2186 was published for commons-fileupload:commons-fileupload (Maven) on May 14, 2022.
Dolibarr SQL injection vulnerability in comm/multiprix.php (Critical): CVE-2017-17897 was published for dolibarr/dolibarr (Composer) on May 14, 2022.
Dolibarr SQL injection vulnerability in adherents/subscription/info.php (Critical): CVE-2017-17899 was published for dolibarr/dolibarr (Composer) on May 14, 2022.
Dolibarr sensitive information disclosure (High): CVE-2017-17898 was published for dolibarr/dolibarr (Composer) on May 14, 2022.
Dolibarr SQL injection vulnerability in fourn/index.php (Critical): CVE-2017-17900 was published for dolibarr/dolibarr (Composer) on May 14, 2022.
Fork CMS XSS via Highlight Parameter (Moderate): CVE-2012-1209 was published for forkcms/forkcms (Composer) on May 14, 2022.
Fork CMS XSS Vulnerability (Moderate): CVE-2018-5215 was published for forkcms/forkcms (Composer) on May 14, 2022.
Dolibarr ERP and CRM contain XSS Vulnerability (Moderate): CVE-2017-17971 was published for dolibarr/dolibarr (Composer) on May 14, 2022.
Passbolt API is vulnerable to XSS in the url field on the password workspace grid and sidebar (Moderate): CVE-2017-1000442 was published for passbolt/passbolt_api (Composer) on May 14, 2022.
phpBB Server-Side Request Forgery (SSRF) (High): CVE-2017-1000419 was published for phpbb/phpbb (Composer) on May 14, 2022.
Syncthing vulnerable to symlink traversal and arbitrary file overwrite (High): CVE-2017-1000420 was published for github.com/syncthing/syncthing (Go) on May 14, 2022.
Stored XSS in LavaLite 5.2.4 (Moderate): CVE-2017-1000467 was published for lavalite/cms (Composer) on May 14, 2022.
Shiba vulnerable to XSS leading to code execution (Moderate): CVE-2017-1000491 was published for shiba (npm) on May 14, 2022.
Products.CMFPlone XSS in profile home_page property (Moderate): CVE-2017-1000482 was published for Products.CMFPlone (pip) on May 14, 2022.
Cobbler vulnerable to arbitrary code execution (Critical): CVE-2017-1000469 was published for cobbler (pip) on May 14, 2022.
QuickApps CMS Cross-site Scripting (Moderate): CVE-2017-1000495 was published for quickapps/cms (Composer) on May 14, 2022.
XXE Vulnerability in XMLBundle 0.1.7 (High): CVE-2017-1000477 was published for desperado/xml-bundle (Composer) on May 14, 2022.
eZ Publish Cross-site Scripting (XSS) vulnerability (Moderate): CVE-2017-1000431 was published for ezsystems/ezpublish-legacy (Composer) on May 14, 2022.
Django Vulnerable to Cache Poisoning (Moderate): CVE-2011-4139 was published for django (pip) on May 14, 2022.
Django Might Allow CSRF Requests via URL Verification (Moderate): CVE-2011-4138 was published for Django (pip) on May 14, 2022.
SQLAlchemy vulnerable to SQL injection (High): CVE-2012-0805 was published for SQLAlchemy (pip) on May 14, 2022.
Products.CMFPlone Open Redirect Vulnerability (Moderate): CVE-2017-1000481 was published for Products.CMFPlone (pip) on May 14, 2022.
WPGlobus plugin Stored XSS & CSRF security vulnerability (Moderate): CVE-2018-5362 was published for wpglobus/wpglobus (Composer) on May 14, 2022.
Shopware XSS Vulnerability (Moderate): CVE-2017-15374 was published for shopware/shopware (Composer) on May 14, 2022.
Advisories are also available from the GraphQL API.