GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories

GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,988
Erlang: 29
GitHub Actions: 16
Go: 1,776
Maven: 5,000+
npm: 3,542
NuGet: 617
pip: 3,125
Pub: 10
RubyGems: 838
Rust: 790
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
19,536 advisories
PrestaShop XSS Vulnerability
Severity: Moderate. CVE-2012-20001 was published for prestashop/prestashop (Composer), Apr 23, 2022

Moodle backs up private files
Severity: High. CVE-2012-1156 was published for moodle/moodle (Composer), Apr 23, 2022

Hadoop symlink vulnerability
Severity: High. CVE-2012-2945 was published for org.apache.hadoop:hadoop-main (Maven), Apr 23, 2022

Improper Input Validation and Excessive Iteration in Go Facebook Thrift
Severity: High. CVE-2019-3564 was published for github.com/facebook/fbthrift (Go), Feb 15, 2022

Lancet vulnerable to path traversal when unzipping files
Severity: High. CVE-2022-41920 was published for github.com/duke-git/lancet (Go), Nov 21, 2022

Golf may allow attacker to bypass CSRF protections due to weak PRNG
Severity: High. CVE-2016-15005 was published for github.com/dinever/golf (Go), Dec 28, 2022

Subrion CMS RCE Vulnerability
Severity: High. CVE-2018-19422 was published for intelliants/subrion (Composer), May 13, 2022

Apache Sling Auth Core bundle vulnerable to Open Redirection
Severity: Moderate. CVE-2013-4390 was published for org.apache.sling:org.apache.sling.auth.core (Maven), May 17, 2022

Apache Shindig PHP Sensitive Information Disclosure
Severity: Moderate. CVE-2013-4295 was published for org.apache.shindig:shindig-php (Maven), May 17, 2022

TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
Severity: Moderate. CVE-2013-7075 was published for typo3/cms (Composer), May 17, 2022

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
Severity: Moderate. CVE-2013-7080 was published for typo3/cms-core (Composer), May 17, 2022

TYPO3 Improper Access Control vulnerability
Severity: Moderate. CVE-2013-7081 was published for typo3/cms-core (Composer), May 17, 2022

graphite-web is vulnerable to Remote Code Execution via renderLocalView function
Severity: Critical. CVE-2013-5093 was published for graphite-web (pip), May 17, 2022

graphite-web is vulnerable to Remote Code Execution
Severity: Critical. CVE-2013-5942 was published for graphite-web (pip), May 17, 2022

Tiki Wiki CMS Groupware Cross-site scripting (XSS) vulnerability
Severity: Moderate. CVE-2013-4714 was published for tikiwiki/tiki-manager (Composer), May 17, 2022

ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Severity: Critical. CVE-2021-4236 was published for github.com/ecnepsnai/web (Go), Dec 28, 2022

Eucalyptus Unauthorized Access to CC/NC Log Files
Severity: Moderate. CVE-2013-4766 was published for org.jclouds.api:eucalyptus (Maven), May 17, 2022

Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Severity: Critical. CVE-2013-6288 was published for apache-solr-for-typo3/solr (Composer), May 17, 2022

Python Swift client is vulnerable to Missing SSL Certificate Check
Severity: Moderate. CVE-2013-6396 was published for python-swiftclient (pip), May 17, 2022

Geth Node Vulnerable to DoS via maliciously crafted p2p message
Severity: Moderate. CVE-2021-41173 was published for github.com/ethereum/go-ethereum (Go), Oct 25, 2021

Ethereum Contains Consensus Flaw During Block Processing
Severity: Moderate. CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go), Aug 30, 2021

TYPO3 SQL injection vulnerability in the Extbase Framework
Severity: High. CVE-2013-1842 was published for typo3/cms-core (Composer), May 17, 2022

Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
Severity: Moderate. CVE-2013-6289 was published for apache-solr-for-typo3/solr (Composer), May 17, 2022

containers/image library Insufficiently Protects Credentials
Severity: Moderate. CVE-2019-10214 was published for github.com/containers/image (Go), Feb 15, 2022

Lift Sensitive Information Disclosure
Severity: Moderate. CVE-2013-3300 was published for net.liftweb:lift-webkit (Maven), May 17, 2022

ProTip! Advisories are also available from the GraphQL API.