GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

321 advisories

Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs Moderate
CVE-2014-3663 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins improperly ensures trust separation Moderate
CVE-2014-3665 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3680 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Djblets Cross-site scripting Vulnerability via JSON Objects Moderate
CVE-2014-3994 was published for Djblets (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Requests Moderate
CVE-2014-1829 was published for requests (pip) May 17, 2022
Eugene Pankov Ajenti Cross-site scripting Vulnerabilities Moderate
CVE-2014-4301 was published for ajenti (pip) May 17, 2022
PyWBEM TOCTOU vulnerability in certificate validation Moderate
CVE-2013-6418 was published for pywbem (pip) May 17, 2022
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component Moderate
CVE-2013-7073 was published for typo3/cms (Composer) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting Moderate
CVE-2014-5325 was published for org.directwebremoting:dwr (Maven) May 17, 2022
Typo3 Open Redirect In Frontend Rendering Moderate
CVE-2014-9508 was published for typo3/cms (Composer) May 17, 2022
OpenStack keystonemiddleware does not verify certificate Moderate
CVE-2014-7144 was published for keystonemiddleware (pip) May 17, 2022
OpenStack Glance Bypass the storage quota and Denial of service Moderate
CVE-2014-9623 was published for glance (pip) May 17, 2022
Improper Input Validation in Apache ActiveMQ Moderate
CVE-2015-6524 was published for org.apache.activemq:activemq-broker (Maven) May 17, 2022
sunSUNQ
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks Moderate
CVE-2015-1852 was published for keystonemiddleware (pip) May 17, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability Moderate
CVE-2015-3219 was published for horizon (pip) May 17, 2022
OpenStack Cinder file disclosure in image convert Moderate
CVE-2015-1851 was published for cinder (pip) May 17, 2022
Path Traversal in Eclipse Mojarra Moderate
CVE-2013-3827 was published for org.glassfish:javax.faces (Maven) May 17, 2022
TYPO3 OpenID extension Open redirect vulnerability Moderate
CVE-2013-7079 was published for friendsoftypo3/openid (Composer) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images Moderate
CVE-2014-9684 was published for glance (pip) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images Moderate
CVE-2015-1881 was published for glance (pip) May 17, 2022
Django Reuses Cached CSRF Token Moderate
CVE-2014-0473 was published for django (pip) May 17, 2022
MarkLee131
Code Injection in Django Moderate
CVE-2014-0472 was published for Django (pip) May 17, 2022
MarkLee131
Django Vulnerable to Cache Poisoning Moderate
CVE-2014-1418 was published for django (pip) May 17, 2022
sunSUNQ
OpenStack Neutron allows remote authenticated users to cause a denial of service Moderate
CVE-2014-3555 was published for neutron (pip) May 17, 2022 withdrawn
oliverchang