GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,902; Maven 5,000+; npm 3,631; NuGet 638; pip 3,246; Pub 10; RubyGems 863; Rust 818; Swift 35
Unreviewed advisories: All unreviewed 5,000+
20,093 advisories
OpenStack Compute Nova Improper Access Control (Moderate): CVE-2013-4497 was published for nova (pip) on May 17, 2022
Salt has insufficient argument validation in several modules (Moderate): CVE-2013-4435 was published for salt (pip) on May 17, 2022
phpMyAdmin Remote Code Execution (High): CVE-2013-3239 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022
Tryton Directory Traversal vulnerability (High): CVE-2013-4510 was published for trytond (pip) on May 17, 2022
Apache Struts is vulnerable to Cross-site Scripting (Moderate): CVE-2013-6348 was published for org.apache.struts:struts2-core (Maven) on May 17, 2022
OpenStack Keystone Improper Authentication vulnerability (Moderate): CVE-2013-1865 was published for keystone (pip) on May 17, 2022
Zend Framework XXE Vulnerability (High): CVE-2012-3363 was published for zendframework/zendframework1 (Composer) on May 17, 2022
Sup Code Injection vulnerability (Moderate): CVE-2013-4478 was published for sup (RubyGems) on May 17, 2022
Django Directory Traversal via ssi template tag (High): CVE-2013-4315 was published for django (pip) on May 17, 2022
PyOpenSSL Mishandles NUL Byte In Certificate Subject Alternative Name (Moderate): CVE-2013-4314 was published for pyOpenSSL (pip) on May 17, 2022
Drupal improper access restrictions (Moderate): CVE-2012-2153 was published for drupal/drupal (Composer) on May 17, 2022
MoinMoin Multiple unrestricted file upload vulnerabilities (Moderate): CVE-2012-6081 was published for moin (pip) on May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information (Moderate): CVE-2013-7249 was published for fat_free_crm (RubyGems) on May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request (Moderate): CVE-2013-7224 was published for fat_free_crm (RubyGems) on May 17, 2022
Fat Free CRM contains Cross-site Request Forgery vulnerabilities (Moderate): CVE-2013-7223 was published for fat_free_crm (RubyGems) on May 17, 2022
Fat Free CRM vulnerable to SQL Injection (Moderate): CVE-2013-7225 was published for fat_free_crm (RubyGems) on May 17, 2022
Fat Free CRM has fixed token value (Moderate): CVE-2013-7222 was published for fat_free_crm (RubyGems) on May 17, 2022
RubyGems HTTPS to HTTP redirect (Moderate): CVE-2012-2125 was published for rubygems-update (RubyGems) on May 17, 2022
RubyGems does not verify SSL certificate (Moderate): CVE-2012-2126 was published for rubygems-update (RubyGems) on May 17, 2022
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component (Moderate): CVE-2013-7075 was published for typo3/cms (Composer) on May 17, 2022
TYPO3 Improper Access Control vulnerability (Moderate): CVE-2013-7081 was published for typo3/cms-core (Composer) on May 17, 2022
TYPO3 is vulnerable to Mass Assignment in the Extension table administration library (Moderate): CVE-2013-7080 was published for typo3/cms-core (Composer) on May 17, 2022
ProTip! Advisories are also available from the GraphQL API.