Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
OpenStack Identity Keystone Privilege Escalation vulnerability Low
CVE-2013-4477 was published for keystone (pip) May 17, 2022
OpenStack Glance sensitive information disclosure via logs Low
CVE-2014-1948 was published for glance (pip) May 17, 2022
OpenStack Nova VMWare driver leaks rescued images Low
CVE-2014-2573 was published for nova (pip) May 17, 2022
Ajenti Cross-site scripting (XSS) vulnerability Low
CVE-2014-2260 was published for ajenti (pip) May 17, 2022
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml Low
CVE-2014-0135 was published for kafo (RubyGems) May 17, 2022
OpenStack Nova denial of service through compressed disk images Low
CVE-2013-4463 was published for nova (pip) May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode Low
CVE-2014-0134 was published for nova (pip) May 17, 2022
phpMyAdmin cross-site scripting Vulnerability via ENUM value Low
CVE-2014-7217 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Jenkins allows attackers to obtain sensitive information Low
CVE-2014-2068 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
OpenStack Neutron Race condition vulnerability Low
CVE-2015-5240 was published for neutron (pip) May 17, 2022
phpMyAdmin cross-site scripting Vulnerability in Table or Column Names Low
CVE-2014-4986 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Improper Authentication in Apache Hadoop Low
CVE-2013-2192 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component Low
CVE-2013-7074 was published for typo3/cms (Composer) May 17, 2022
RPLY Predictable Tmpfile Names Allows Cache Spoofing Low
CVE-2014-1604 was published for RPLY (pip) May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition Low
CVE-2014-1624 was published for pyxdg (pip) May 17, 2022
OpenStack Heat template URL information leakage Low
CVE-2014-3801 was published for openstack-heat (pip) May 14, 2022
Typo3 XSS Vulnerabilities Low
CVE-2014-3943 was published for typo3/cms (Composer) May 14, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node Low
CVE-2013-6480 was published for apache-libcloud (pip) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse Low
CVE-2014-0085 was published for org.jboss.fuse:jboss-fuse (Maven) May 14, 2022
Django data leakage via querystring manipulation in admin Low
CVE-2014-0483 was published for Django (pip) May 14, 2022
MarkLee131
phpMyAdmin cross-site scripting vulnerability in crafted view name Low
CVE-2014-5274 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
OpenStack Nova live snapshots use an insecure local directory Low
CVE-2013-7048 was published for nova (pip) May 14, 2022
OpenStack Oslo utility sensitive information exposure via log files Low
CVE-2014-7231 was published for oslo.utils (pip) May 14, 2022
Moodle cross-site scripting (XSS) vulnerability Low
CVE-2014-2571 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to upload files containing JavaScript Low
CVE-2014-7835 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API