GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,439 advisories
OpenStack Nova Arbitrary file injection/corruption through directory traversal issues
Moderate | CVE-2012-3361 was published for nova (pip) | May 17, 2022

OpenStack Nova Information leak in libvirt LVM-backed instances
Moderate | CVE-2012-5625 was published for nova (pip) | May 17, 2022

OpenStack Compute Nova Improper Access Control
Moderate | CVE-2013-4497 was published for nova (pip) | May 17, 2022

OpenStack Nova Router metadata queries are not restricted by tenant
Moderate | CVE-2013-6419 was published for nova (pip) | May 17, 2022

OpenStack Nova Long server names grow nova-api log files significantly
Moderate | CVE-2012-1585 was published for nova (pip) | May 14, 2022

OpenStack Cinder Denial of Service using XML entities
Moderate | CVE-2013-4202 was published for cinder (pip) | May 14, 2022

OpenStack Cinder file disclosure in image convert
Moderate | CVE-2015-1851 was published for cinder (pip) | May 17, 2022

openstack-neutron uncontrolled resource consumption flaw
Moderate | CVE-2022-3277 was published for neutron (pip) | Mar 7, 2023

openstack-barbican Denial of Service vulnerability
Moderate | CVE-2022-23452 was published for barbican (pip) | Sep 2, 2022

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
Moderate | CVE-2015-3219 was published for horizon (pip) | May 17, 2022

Openstack DBaaS (Trove) Improper Link Resolution Before File Access
Moderate | CVE-2015-3156 was published for trove (pip) | May 17, 2022

OpenStack Horizon Cross-site scripting (XSS) vulnerability
Moderate | CVE-2012-2094 was published for horizon (pip) | May 17, 2022

OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
Moderate | CVE-2014-5252 was published for keystone (pip) | May 17, 2022

OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
Moderate | CVE-2014-5251 was published for keystone (pip) | May 17, 2022

OpenStack Keystone Domain-scoped tokens don't get revoked
Moderate | CVE-2014-5253 was published for keystone (pip) | May 17, 2022

OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
Moderate | CVE-2013-2059 was published for keystone (pip) | May 17, 2022

OpenStack Nova VMware instance leak potentially leading to compute DoS
Moderate | CVE-2014-8333 was published for nova (pip) | May 14, 2022

OpenStack Nova host data access through resize/migration
Moderate | CVE-2016-2140 was published for nova (pip) | May 14, 2022

OpenStack Nova Potential Xen connection password leak via StorageError
Moderate | CVE-2015-8749 was published for nova (pip) | May 14, 2022

OpenStack Nova Multiple directory traversal vulnerabilities
Moderate | CVE-2011-4596 was published for nova (pip) | May 14, 2022

OpenStack Nova Denial of Service in network source security groups
Moderate | CVE-2013-4185 was published for nova (pip) | May 14, 2022

OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function
Moderate | CVE-2013-1838 was published for nova (pip) | May 17, 2022

OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
Moderate | CVE-2014-2237 was published for keystone (pip) | May 17, 2022

OpenStack Compute (Nova) Improper Input Validation
Moderate | CVE-2012-2654 was published for nova (pip) | May 17, 2022

OpenStack Identity Keystone Improper Access Control
Moderate | CVE-2016-4911 was published for keystone (pip) | May 17, 2022
ProTip! Advisories are also available from the GraphQL API.