GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,980
Erlang: 29
GitHub Actions: 16
Go: 1,769
Maven: 4,994
npm: 3,540
NuGet: 616
pip: 3,110
Pub: 10
RubyGems: 837
Rust: 787
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
321 advisories
Path Traversal in Docker
Moderate: CVE-2014-9356 was published for github.com/docker/docker (Go), May 18, 2021

EC-CUBE vulnerable to authorization bypass
Moderate: CVE-2014-0808 was published for ec-cube/ec-cube (Composer), May 17, 2022

Symfony has a security issue when parsing the Authorization header
Moderate: CVE-2014-6061 was published for symfony/http-foundation (Composer), May 30, 2024

OpenStack Identity (Keystone) Denial of Service
Moderate: CVE-2013-2014 was published for keystone (pip), May 13, 2022

Loop with Unreachable Exit Condition in Apache CXF
Moderate: CVE-2014-3584 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven), May 13, 2022

OpenStack Glance Bypass the storage quota and Denial of service
Moderate: CVE-2014-9623 was published for glance (pip), May 17, 2022

OpenStack Glance Denial of service by creating a large number of images
Moderate: CVE-2014-9684 was published for glance (pip), May 17, 2022

OpenStack Glance Denial of service by creating a large number of images
Moderate: CVE-2015-1881 was published for glance (pip), May 17, 2022

OpenStack Glance improper validation of the image_size_cap configuration option
Moderate: CVE-2014-5356 was published for glance (pip), May 17, 2022

OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme
Moderate: CVE-2015-1195 was published for glance (pip), May 14, 2022

OpenStack Swift metadata constraints are not correctly enforced
Moderate: CVE-2014-7960 was published for swift (pip), May 17, 2022

OpenStack Nova Router metadata queries are not restricted by tenant
Moderate: CVE-2013-6419 was published for nova (pip), May 17, 2022

OpenStack Cinder file disclosure in image convert
Moderate: CVE-2015-1851 was published for cinder (pip), May 17, 2022

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
Moderate: CVE-2015-3219 was published for horizon (pip), May 17, 2022

OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
Moderate: CVE-2014-5252 was published for keystone (pip), May 17, 2022

OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
Moderate: CVE-2014-5251 was published for keystone (pip), May 17, 2022

OpenStack Keystone Domain-scoped tokens don't get revoked
Moderate: CVE-2014-5253 was published for keystone (pip), May 17, 2022

OpenStack Nova VMware instance leak potentially leading to compute DoS
Moderate: CVE-2014-8333 was published for nova (pip), May 14, 2022

OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
Moderate: CVE-2014-2237 was published for keystone (pip), May 17, 2022

OpenStack Nova DoS through ephemeral disk backing files
Moderate: CVE-2013-6437 was published for nova (pip), May 14, 2022

OpenStack Nova instance migration process does not stop when instance is deleted
Moderate: CVE-2015-3241 was published for nova (pip), May 14, 2022

OpenStack Identity Keystone Improper Privilege Management
Moderate: CVE-2014-0204 was published for keystone (pip), May 13, 2022

OpenStack Identity Keystone Exposure of Sensitive Information
Moderate: CVE-2014-3621 was published for keystone (pip), May 13, 2022
ProTip! Advisories are also available from the GraphQL API.