Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19,370 advisories

Loading
WPGlobus plugin Stored XSS & CSRF security vulnerability Moderate
CVE-2018-5367 was published for wpglobus/wpglobus (Composer) May 14, 2022
WPGlobus plugin Stored XSS & CSRF security vulnerability Moderate
CVE-2018-5363 was published for wpglobus/wpglobus (Composer) May 14, 2022
WPGlobus plugin Stored XSS & CSRF security vulnerability Moderate
CVE-2018-5365 was published for wpglobus/wpglobus (Composer) May 14, 2022
WPGlobus plugin Stored XSS & CSRF security vulnerability Moderate
CVE-2018-5366 was published for wpglobus/wpglobus (Composer) May 14, 2022
WPGlobus plugin Stored XSS & CSRF security vulnerability Moderate
CVE-2018-5364 was published for wpglobus/wpglobus (Composer) May 14, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
VladTheEnterprising allows local users to write to arbitrary files via a symlink attack Moderate
CVE-2014-4996 was published for VladTheEnterprising (RubyGems) May 14, 2022
Arbitrary file write in NumPy Moderate
CVE-2014-1858 was published for numpy (pip) May 14, 2022
jhutchings1
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file High
CVE-2014-4995 was published for VladTheEnterprising (RubyGems) May 14, 2022
codders-dataset Process Table Local Plaintext Credential Disclosure High
CVE-2014-4991 was published for codders-dataset (RubyGems) May 14, 2022
jasnow
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process High
CVE-2014-4997 was published for point-cli (RubyGems) May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process High
CVE-2014-4998 was published for lean-ruport (RubyGems) May 14, 2022
Improper Certificate Validation in vt-ldap Moderate
CVE-2014-3607 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 14, 2022
Open redirect in ASP.NET Core High
CVE-2017-11879 was published for Microsoft.AspNetCore.All (NuGet) May 14, 2022
Apache Geode gfsh authorization vulnerability High
CVE-2017-12622 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Apache Geode OQL bind parameter vulnerability Moderate
CVE-2017-9796 was published for org.apache.geode:geode-core (Maven) May 14, 2022
Magento Cross-Site Request Forgery (CSRF) Moderate
CVE-2018-5301 was published for magento/community-edition (Composer) May 14, 2022
Cross-site Scripting in Apache Sling XSS Protection API Moderate
CVE-2017-15717 was published for org.apache.sling:org.apache.sling.xss (Maven) May 14, 2022
Pallets Werkzeug cross-site scripting vulnerability Moderate
CVE-2016-10516 was published for Werkzeug (pip) May 14, 2022
jhutchings1
Smarty PHP code injection Critical
CVE-2017-1000480 was published for smarty/smarty (Composer) May 14, 2022
Apache Sling JCR ContentLoader XmlReader Arbitrary File Load High
CVE-2012-3353 was published for org.apache.sling:org.apache.sling.jcr.contentloader (Maven) May 14, 2022
Apache Guacamole Race Condition vulnerability High
CVE-2017-3158 was published for org.apache.guacamole:guacamole-common (Maven) May 14, 2022
Moodle Privilege escalation in quiz web services Moderate
CVE-2018-1044 was published for moodle/moodle (Composer) May 14, 2022
Moodle XSS Vulnerability Moderate
CVE-2018-1045 was published for moodle/moodle (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API