GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,984
Erlang
29
GitHub Actions
16
Go
1,770
Maven
4,994
npm
3,540
NuGet
617
pip
3,117
Pub
10
RubyGems
838
Rust
788
Swift
34
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
Low
CVE-2014-0228
was published
for
org.apache.hive:hive
(Maven)
Nov 21, 2018
methodOverride Middleware Reflected Cross-Site Scripting in connect
Low
CVE-2013-7370
was published
for
connect
(npm)
Aug 31, 2020
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
Low
CVE-2014-0085
was published
for
org.jboss.fuse:jboss-fuse
(Maven)
May 14, 2022
Improper Authentication in Apache Hadoop
Low
CVE-2013-2192
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
Local API Login Credentials Disclosure in paratrooper-pingdom
Low
CVE-2014-1233
was published
for
paratrooper-pingdom
(RubyGems)
Oct 24, 2017
Insecure use of temporary files in passenger
Low
CVE-2014-1831
was published
for
passenger
(RubyGems)
Oct 10, 2018
phpMyAdmin cross-site scripting vulnerability in crafted view name
Low
CVE-2014-5274
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
Low
CVE-2014-4986
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
phpMyAdmin cross-site scripting Vulnerability via ENUM value
Low
CVE-2014-7217
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
Low
CVE-2014-1234
was published
for
paratrooper-newrelic
(RubyGems)
Oct 24, 2017
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Low
CVE-2013-7074
was published
for
typo3/cms
(Composer)
May 17, 2022
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml
Low
CVE-2014-0135
was published
for
kafo
(RubyGems)
May 17, 2022
pyxdg Arbitrary File Overwrite via Race Condition
Low
CVE-2014-1624
was published
for
pyxdg
(pip)
May 17, 2022
RPLY Predictable Tmpfile Names Allows Cache Spoofing
Low
CVE-2014-1604
was published
for
RPLY
(pip)
May 17, 2022
ember-source Cross-site Scripting vulnerability
Low
CVE-2014-0046
was published
for
ember-source
(RubyGems)
Aug 28, 2018
pip lack of randomness in build directory
Low
CVE-2014-8991
was published
for
pip
(pip)
May 13, 2022
OpenStack Horizon Cross-site scripting (XSS) vulnerability
Low
CVE-2014-3474
was published
for
horizon
(pip)
May 13, 2022
Insecure use of temporary files in Phusion passenger
Low
CVE-2014-1832
was published
for
passenger
(RubyGems)
Oct 10, 2018
OpenStack Heat template URL information leakage
Low
CVE-2014-3801
was published
for
openstack-heat
(pip)
May 14, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-2571
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-3544
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Low
CVE-2014-3551
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-7830
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API