GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
19,370 advisories
WPGlobus plugin Stored XSS & CSRF security vulnerability
CVE-2018-5367 (Moderate) was published for wpglobus/wpglobus (Composer) on May 14, 2022

WPGlobus plugin Stored XSS & CSRF security vulnerability
CVE-2018-5363 (Moderate) was published for wpglobus/wpglobus (Composer) on May 14, 2022

WPGlobus plugin Stored XSS & CSRF security vulnerability
CVE-2018-5365 (Moderate) was published for wpglobus/wpglobus (Composer) on May 14, 2022

WPGlobus plugin Stored XSS & CSRF security vulnerability
CVE-2018-5366 (Moderate) was published for wpglobus/wpglobus (Composer) on May 14, 2022

WPGlobus plugin Stored XSS & CSRF security vulnerability
CVE-2018-5364 (Moderate) was published for wpglobus/wpglobus (Composer) on May 14, 2022

backup-agoddard and backup_checksum have Information Exposure vulnerability
CVE-2014-4993 (High) was published for backup-agoddard (RubyGems) on May 14, 2022

VladTheEnterprising allows local users to write to arbitrary files via a symlink attack
CVE-2014-4996 (Moderate) was published for VladTheEnterprising (RubyGems) on May 14, 2022

VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file
CVE-2014-4995 (High) was published for VladTheEnterprising (RubyGems) on May 14, 2022

codders-dataset Process Table Local Plaintext Credential Disclosure
CVE-2014-4991 (High) was published for codders-dataset (RubyGems) on May 14, 2022

kajam allows local users to obtain sensitive information by listing the process
CVE-2014-4999 (High) was published for kajam (RubyGems) on May 14, 2022

point-cli allows local users to obtain sensitive information by listing the process
CVE-2014-4997 (High) was published for point-cli (RubyGems) on May 14, 2022

lean-ruport allows local users to obtain sensitive information by listing the process
CVE-2014-4998 (High) was published for lean-ruport (RubyGems) on May 14, 2022

Improper Certificate Validation in vt-ldap
CVE-2014-3607 (Moderate) was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) on May 14, 2022

Open redirect in ASP.NET Core
CVE-2017-11879 (High) was published for Microsoft.AspNetCore.All (NuGet) on May 14, 2022

Apache Geode gfsh authorization vulnerability
CVE-2017-12622 (High) was published for org.apache.geode:geode-core (Maven) on May 14, 2022

Apache Geode OQL bind parameter vulnerability
CVE-2017-9796 (Moderate) was published for org.apache.geode:geode-core (Maven) on May 14, 2022

Magento Cross-Site Request Forgery (CSRF)
CVE-2018-5301 (Moderate) was published for magento/community-edition (Composer) on May 14, 2022

Cross-site Scripting in Apache Sling XSS Protection API
CVE-2017-15717 (Moderate) was published for org.apache.sling:org.apache.sling.xss (Maven) on May 14, 2022

Pallets Werkzeug cross-site scripting vulnerability
CVE-2016-10516 (Moderate) was published for Werkzeug (pip) on May 14, 2022

Smarty PHP code injection
CVE-2017-1000480 (Critical) was published for smarty/smarty (Composer) on May 14, 2022

Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
CVE-2012-3353 (High) was published for org.apache.sling:org.apache.sling.jcr.contentloader (Maven) on May 14, 2022

Apache Guacamole Race Condition vulnerability
CVE-2017-3158 (High) was published for org.apache.guacamole:guacamole-common (Maven) on May 14, 2022

Moodle Privilege escalation in quiz web services
CVE-2018-1044 (Moderate) was published for moodle/moodle (Composer) on May 14, 2022

Moodle XSS Vulnerability
CVE-2018-1045 (Moderate) was published for moodle/moodle (Composer) on May 14, 2022

ProTip! Advisories are also available from the GraphQL API.