Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

320 advisories

Loading
Symfony has a security issue when parsing the Authorization header Moderate
CVE-2014-6061 was published for symfony/http-foundation (Composer) May 30, 2024
Corveda PHPSandbox Protection Mechanism Failure vulnerability Moderate
CVE-2014-125107 was published for corveda/phpsandbox (Composer) Dec 19, 2023
Cross Site Scripting in evershop Moderate
CVE-2023-46494 was published for @evershop/evershop (npm) Dec 8, 2023
Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG Moderate
CVE-2023-36828 was published for statamic/cms (Composer) Jul 6, 2023
robyfirnandoyusuf
Microweber vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-2014 was published for microweber/microweber (Composer) Apr 13, 2023
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails Moderate
CVE-2014-4920 was published for twitter-bootstrap-rails (RubyGems) Mar 16, 2023
easy-scrypt Observable Timing Discrepancy vulnerability Moderate
CVE-2014-125055 was published for github.com/agnivade/easy-scrypt (Go) Jan 7, 2023
net-ldap has weak salt when generating passwords Moderate
CVE-2014-0083 was published for net-ldap (RubyGems) May 24, 2022
HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference Moderate
CVE-2014-3599 was published for org.hornetq.rest:hornetq-rest (Maven) May 24, 2022
Passwords stored in plain text by ElasTest Plugin Moderate
CVE-2020-2274 was published for org.jenkins-ci.plugins:elastest (Maven) May 24, 2022
NotMyFault
Ansible discloses credential information Moderate
CVE-2014-4660 was published for ansible (pip) May 17, 2022
Ansible Sensitive Files Are Locally Readable Moderate
CVE-2014-4658 was published for ansible (pip) May 17, 2022
Ansible sets unsafe permissions for sources.list Moderate
CVE-2014-4659 was published for ansible (pip) May 17, 2022
DCE extension for Typo3 Discloses Environment Information Moderate
CVE-2014-8328 was published for t3/dce (Composer) May 17, 2022
Tornado XSRF cookie allows side-channel attack against TLS (BREACH attack) Moderate
CVE-2014-9720 was published for tornado (pip) May 17, 2022
DOMPDF denial of service vulnerability Moderate
CVE-2014-5012 was published for dompdf/dompdf (Composer) May 17, 2022
DOMPDF Information Disclosure Moderate
CVE-2014-5011 was published for dompdf/dompdf (Composer) May 17, 2022
ovirt-engine-sdk-python improper validation of hostname in x.509 certificate Moderate
CVE-2014-0161 was published for ovirt-engine-sdk-python (pip) May 17, 2022
JBoss KeyCloak Open Redirect Moderate
CVE-2014-3652 was published for org.keycloak:keycloak-services (Maven) May 17, 2022
JBoss KeyCloak Cross-site Scripting Vulnerability Moderate
CVE-2014-3656 was published for org.keycloak:keycloak-core (Maven) May 17, 2022
openshift-origin-node Improper Input Validation vulnerability Moderate
CVE-2014-0084 was published for openshift-origin-node (RubyGems) May 17, 2022
JBoss KeyCloak is vulnerable to soft token deletion via CSRF Moderate
CVE-2014-3655 was published for org.keycloak:keycloak-services (Maven) May 17, 2022
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component Moderate
CVE-2013-7075 was published for typo3/cms (Composer) May 17, 2022
TYPO3 Improper Access Control vulnerability Moderate
CVE-2013-7081 was published for typo3/cms-core (Composer) May 17, 2022
TYPO3 is vulnerable to Mass Assignment in the Extension table administration library Moderate
CVE-2013-7080 was published for typo3/cms-core (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API