GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,536 advisories

PrestaShop XSS Vulnerability Moderate
CVE-2012-20001 was published for prestashop/prestashop (Composer) Apr 23, 2022
Moodle backs up private files High
CVE-2012-1156 was published for moodle/moodle (Composer) Apr 23, 2022
Hadoop symlink vulnerability High
CVE-2012-2945 was published for org.apache.hadoop:hadoop-main (Maven) Apr 23, 2022
Improper Input Validation and Excessive Iteration in Go Facebook Thrift High
CVE-2019-3564 was published for github.com/facebook/fbthrift (Go) Feb 15, 2022
oliverchang
Lancet vulnerable to path traversal when unzipping files High
CVE-2022-41920 was published for github.com/duke-git/lancet (Go) Nov 21, 2022
cokeBeer
Golf may allow attacker to bypass CSRF protections due to weak PRNG High
CVE-2016-15005 was published for github.com/dinever/golf (Go) Dec 28, 2022
Subrion CMS RCE Vulnerability High
CVE-2018-19422 was published for intelliants/subrion (Composer) May 13, 2022
Apache Sling Auth Core bundle vulnerable to Open Redirection Moderate
CVE-2013-4390 was published for org.apache.sling:org.apache.sling.auth.core (Maven) May 17, 2022
Apache Shindig PHP Sensitive Information Disclosure Moderate
CVE-2013-4295 was published for org.apache.shindig:shindig-php (Maven) May 17, 2022
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component Moderate
CVE-2013-7075 was published for typo3/cms (Composer) May 17, 2022
TYPO3 is vulnerable to Mass Assignment in the Extension table administration library Moderate
CVE-2013-7080 was published for typo3/cms-core (Composer) May 17, 2022
TYPO3 Improper Access Control vulnerability Moderate
CVE-2013-7081 was published for typo3/cms-core (Composer) May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function Critical
CVE-2013-5093 was published for graphite-web (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution Critical
CVE-2013-5942 was published for graphite-web (pip) May 17, 2022
Tiki Wiki CMS Groupware Cross-site scripting (XSS) vulnerability Moderate
CVE-2013-4714 was published for tikiwiki/tiki-manager (Composer) May 17, 2022
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption Critical
CVE-2021-4236 was published for github.com/ecnepsnai/web (Go) Dec 28, 2022
Eucalyptus Unauthorized Access to CC/NC Log Files Moderate
CVE-2013-4766 was published for org.jclouds.api:eucalyptus (Maven) May 17, 2022
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize Critical
CVE-2013-6288 was published for apache-solr-for-typo3/solr (Composer) May 17, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check Moderate
CVE-2013-6396 was published for python-swiftclient (pip) May 17, 2022
Geth Node Vulnerable to DoS via maliciously crafted p2p message Moderate
CVE-2021-41173 was published for github.com/ethereum/go-ethereum (Go) Oct 25, 2021
rjl493456442 holiman
Ethereum Contains Consensus Flaw During Block Processing Moderate
CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go) Aug 30, 2021
guidovranken
TYPO3 SQL injection vulnerability in the Extbase Framework High
CVE-2013-1842 was published for typo3/cms-core (Composer) May 17, 2022
Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS) Moderate
CVE-2013-6289 was published for apache-solr-for-typo3/solr (Composer) May 17, 2022
containers/image library Insufficiently Protects Credentials Moderate
CVE-2019-10214 was published for github.com/containers/image (Go) Feb 15, 2022
Lift Sensitive Information Disclosure Moderate
CVE-2013-3300 was published for net.liftweb:lift-webkit (Maven) May 17, 2022