GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,093 advisories

phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2013-4997 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Rack-Cache caches sensitive headers Moderate
CVE-2012-2671 was published for rack-cache (RubyGems) May 17, 2022
Eucalyptus Unauthorized Access to CC/NC Log Files Moderate
CVE-2013-4766 was published for org.jclouds.api:eucalyptus (Maven) May 17, 2022
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors Low
CVE-2013-4278 was published for nova (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution Critical
CVE-2013-5942 was published for graphite-web (pip) May 17, 2022
graphite-web is vulnerable to Remote Code Execution via renderLocalView function Critical
CVE-2013-5093 was published for graphite-web (pip) May 17, 2022
Improper Neutralization of Input During Web Page Generation in JavaMelody Moderate
CVE-2013-4378 was published for net.bull.javamelody:javamelody-core (Maven) May 17, 2022
Improper Authentication in OpenSAML Moderate
CVE-2011-1411 was published for org.opensaml:opensaml (Maven) May 17, 2022
Setuptools vulnerable to Man-in-the-middle attacks High
CVE-2013-1633 was published for setuptools (pip) May 17, 2022
FriendsOfSymfony FOSUserBundle denial of service via login form Moderate
CVE-2013-5750 was published for friendsofsymfony/user-bundle (Composer) May 17, 2022
Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security Moderate
CVE-2011-2731 was published for org.springframework.security:spring-security-core (Maven) May 17, 2022
Apache Shindig PHP Sensitive Information Disclosure Moderate
CVE-2013-4295 was published for org.apache.shindig:shindig-php (Maven) May 17, 2022
Apache Sling Auth Core bundle vulnerable to Open Redirection Moderate
CVE-2013-4390 was published for org.apache.sling:org.apache.sling.auth.core (Maven) May 17, 2022
PyCrypto does not properly reseed PRNG before allowing access Moderate
CVE-2013-1445 was published for pycrypto (pip) May 17, 2022
Rack Gem Subject to Denial of Service via Hash Collisions Moderate
CVE-2011-5036 was published for org.jruby:jruby-parent (RubyGems) May 17, 2022
OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack Moderate
CVE-2013-4179 was published for nova (pip) May 17, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots Low
CVE-2013-4183 was published for cinder (pip) May 17, 2022
OpenStack Swift allows authenticated users to cause a denial of service Moderate
CVE-2013-4155 was published for swift (pip) May 17, 2022
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize Critical
CVE-2013-6288 was published for apache-solr-for-typo3/solr (Composer) May 17, 2022
Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS) Moderate
CVE-2013-6289 was published for apache-solr-for-typo3/solr (Composer) May 17, 2022
SaltStack Privilege Escalation vulnerability High
CVE-2013-6617 was published for salt (pip) May 17, 2022
Tiki Wiki CMS Groupware Cross-site scripting (XSS) vulnerability Moderate
CVE-2013-4714 was published for tikiwiki/tiki-manager (Composer) May 17, 2022
Minion identity not validated in saltstack Moderate
CVE-2013-4439 was published for salt (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API