GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
321 advisories
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
  Moderate • CVE-2014-3663 was published for org.jenkins-ci.main:jenkins-core (Maven) • May 17, 2022
Jenkins improperly ensures trust separation
  Moderate • CVE-2014-3665 was published for org.jenkins-ci.main:jenkins-core (Maven) • May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability
  Moderate • CVE-2014-3680 was published for org.jenkins-ci.main:jenkins-core (Maven) • May 17, 2022
Djblets Cross-site scripting Vulnerability via JSON Objects
  Moderate • CVE-2014-3994 was published for Djblets (pip) • May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Requests
  Moderate • CVE-2014-1829 was published for requests (pip) • May 17, 2022
Eugene Pankov Ajenti Cross-site scripting Vulnerabilities
  Moderate • CVE-2014-4301 was published for ajenti (pip) • May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation
  Moderate • CVE-2013-6418 was published for pywbem (pip) • May 17, 2022
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
  Moderate • CVE-2013-7073 was published for typo3/cms (Composer) • May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting
  Moderate • CVE-2014-5325 was published for org.directwebremoting:dwr (Maven) • May 17, 2022
Typo3 Open Redirect In Frontend Rendering
  Moderate • CVE-2014-9508 was published for typo3/cms (Composer) • May 17, 2022
OpenStack keystonemiddleware does not verify certificate
  Moderate • CVE-2014-7144 was published for keystonemiddleware (pip) • May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
  Moderate • CVE-2015-5286 was published for glance (pip) • May 17, 2022
OpenStack Glance Bypass the storage quota and Denial of service
  Moderate • CVE-2014-9623 was published for glance (pip) • May 17, 2022
Improper Input Validation in Apache ActiveMQ
  Moderate • CVE-2015-6524 was published for org.apache.activemq:activemq-broker (Maven) • May 17, 2022
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks
  Moderate • CVE-2015-1852 was published for keystonemiddleware (pip) • May 17, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
  Moderate • CVE-2015-3219 was published for horizon (pip) • May 17, 2022
OpenStack Cinder file disclosure in image convert
  Moderate • CVE-2015-1851 was published for cinder (pip) • May 17, 2022
Path Traversal in Eclipse Mojarra
  Moderate • CVE-2013-3827 was published for org.glassfish:javax.faces (Maven) • May 17, 2022
TYPO3 OpenID extension Open redirect vulnerability
  Moderate • CVE-2013-7079 was published for friendsoftypo3/openid (Composer) • May 17, 2022
OpenStack Glance Denial of service by creating a large number of images
  Moderate • CVE-2014-9684 was published for glance (pip) • May 17, 2022
OpenStack Glance Denial of service by creating a large number of images
  Moderate • CVE-2015-1881 was published for glance (pip) • May 17, 2022
Django Vulnerable to Cache Poisoning
  Moderate • CVE-2014-1418 was published for django (pip) • May 17, 2022
OpenStack Neutron allows remote authenticated users to cause a denial of service
  Moderate • CVE-2014-3555 was published for neutron (pip) • May 17, 2022 • withdrawn
ProTip! Advisories are also available from the GraphQL API.