GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,984
Erlang
29
GitHub Actions
16
Go
1,771
Maven
4,995
npm
3,541
NuGet
617
pip
3,117
Pub
10
RubyGems
838
Rust
788
Swift
34
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Django data leakage via querystring manipulation in admin
Low
CVE-2014-0483
was published
for
Django
(pip)
May 14, 2022
OpenStack Glance sensitive information disclosure via logs
Low
CVE-2014-1948
was published
for
glance
(pip)
May 17, 2022
OpenStack Oslo utility sensitive information exposure via log files
Low
CVE-2014-7231
was published
for
oslo.utils
(pip)
May 14, 2022
OpenStack Nova host data leak to vm instance in rescue mode
Low
CVE-2014-0134
was published
for
nova
(pip)
May 17, 2022
OpenStack Nova denial of service through compressed disk images
Low
CVE-2013-4463
was published
for
nova
(pip)
May 17, 2022
OpenStack Nova VMWare driver leaks rescued images
Low
CVE-2014-2573
was published
for
nova
(pip)
May 17, 2022
OpenStack Neutron Race condition vulnerability
Low
CVE-2015-5240
was published
for
neutron
(pip)
May 17, 2022
OpenStack Nova live snapshots use an insecure local directory
Low
CVE-2013-7048
was published
for
nova
(pip)
May 14, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
Low
CVE-2014-3594
was published
for
horizon
(pip)
May 13, 2022
Ajenti Cross-site scripting (XSS) vulnerability
Low
CVE-2014-2260
was published
for
ajenti
(pip)
May 17, 2022
OpenStack Identity Keystone Privilege Escalation vulnerability
Low
CVE-2013-4477
was published
for
keystone
(pip)
May 17, 2022
Jenkins allows attackers to obtain sensitive information
Low
CVE-2014-2068
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node
Low
CVE-2013-6480
was published
for
apache-libcloud
(pip)
May 14, 2022
Moodle allows attackers to upload files containing JavaScript
Low
CVE-2014-7835
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-7830
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle multiple cross-site scripting (XSS) vulnerabilities
Low
CVE-2014-3551
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-3544
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle cross-site scripting (XSS) vulnerability
Low
CVE-2014-2571
was published
for
moodle/moodle
(Composer)
May 13, 2022
OpenStack Heat template URL information leakage
Low
CVE-2014-3801
was published
for
openstack-heat
(pip)
May 14, 2022
Insecure use of temporary files in Phusion passenger
Low
CVE-2014-1832
was published
for
passenger
(RubyGems)
Oct 10, 2018
OpenStack Horizon Cross-site scripting (XSS) vulnerability
Low
CVE-2014-3474
was published
for
horizon
(pip)
May 13, 2022
pip lack of randomness in build directory
Low
CVE-2014-8991
was published
for
pip
(pip)
May 13, 2022
ember-source Cross-site Scripting vulnerability
Low
CVE-2014-0046
was published
for
ember-source
(RubyGems)
Aug 28, 2018
RPLY Predictable Tmpfile Names Allows Cache Spoofing
Low
CVE-2014-1604
was published
for
RPLY
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API