GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13,578 advisories

phpMyAdmin remote variable manipulation Moderate
CVE-2011-2505 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data Moderate
CVE-2011-2894 was published for org.springframework.security:spring-security-core (Maven) May 14, 2022
Credited to sunSUNQ
Improper Neutralization of Input During Web Page Generation in Mojarra Moderate
CVE-2013-5855 was published for org.glassfish:javax.faces (Maven) May 14, 2022
Improper Neutralization of Input During Web Page Generation in JAMon Moderate
CVE-2013-6235 was published for com.jamonapi:jamon (Maven) May 14, 2022
DOMPDF Arbitrary File Read Moderate
CVE-2014-2383 was published for dompdf/dompdf (Composer) May 14, 2022
Cobbler Path Traversal vulnerability Moderate
CVE-2014-3225 was published for cobbler (pip) May 14, 2022
Apache Syncope uses a weak PNRG Moderate
CVE-2014-3503 was published for org.apache.syncope:syncope (Maven) May 14, 2022
Cross-site scripting in Elasticsearch Moderate
CVE-2014-6439 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Cross-Site Request Forgery in Apache Struts Moderate
CVE-2014-7809 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Credited to sunSUNQ
Improper Input Validation in Apache Jackrabbit Moderate
CVE-2015-1833 was published for org.apache.jackrabbit:jackrabbit-core (Maven) May 14, 2022
Credited to MarkLee131
Fat Free CRM Cross-Site Request Forgery vulnerability Moderate
CVE-2015-1585 was published for fat_free_crm (RubyGems) May 14, 2022
Credited to tdunlap607
Silverstripe CMS Open Redirect Moderate
CVE-2015-5062 was published for silverstripe/cms (Composer) May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch Moderate
CVE-2015-5531 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Apache OpenMeetings Directory Traversal vulnerability Moderate
CVE-2016-0784 was published for org.apache.openmeetings:openmeetings-install (Maven) May 14, 2022
Apache OpenMeetings Cross-site Scripting vulnerability Moderate
CVE-2016-2163 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
Apache OpenMeetings Cross-site Scripting vulnerability Moderate
CVE-2016-3089 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 14, 2022
WSO2 Carbon vulnerable to Cross-site Scripting Moderate
CVE-2016-4316 was published for org.wso2.carbon.commons:org.wso2.carbon.messageflows.ui (Maven) May 14, 2022
WSO2 Carbon directory traversal vulnerability Moderate
CVE-2016-4314 was published for org.wso2.carbon.commons:org.wso2.carbon.logging.view.ui (Maven) May 14, 2022
Django Cross-site scripting Vulnerability Moderate
CVE-2016-6186 was published for django (pip) May 14, 2022
Plone vulnerable to filesystem information leak Moderate
CVE-2016-7135 was published for Plone (pip) May 14, 2022
Plone Open Redirect Vulnerability Moderate
CVE-2016-7137 was published for plone (pip) May 14, 2022
Plone XSS Moderate
CVE-2016-7136 was published for plone (pip) May 14, 2022
Plone XSS Moderate
CVE-2016-7138 was published for plone (pip) May 14, 2022
Plone Cross-site Scripting (XSS) vulnerability Moderate
CVE-2016-7139 was published for Plone (pip) May 14, 2022
Plone vulnerable to Cross-site Scripting Moderate
CVE-2016-7140 was published for Plone (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API