GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
20,093 advisories
phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities
Severity: Moderate. CVE-2013-4997 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

Rack-Cache caches sensitive headers
Severity: Moderate. CVE-2012-2671 was published for rack-cache (RubyGems) on May 17, 2022

Eucalyptus Unauthorized Access to CC/NC Log Files
Severity: Moderate. CVE-2013-4766 was published for org.jclouds.api:eucalyptus (Maven) on May 17, 2022

OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
Severity: Low. CVE-2013-4278 was published for nova (pip) on May 17, 2022

pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository
Severity: Moderate. CVE-2013-1630 was published for pyshop (pip) on May 17, 2022

graphite-web is vulnerable to Remote Code Execution
Severity: Critical. CVE-2013-5942 was published for graphite-web (pip) on May 17, 2022

graphite-web is vulnerable to Remote Code Execution via renderLocalView function
Severity: Critical. CVE-2013-5093 was published for graphite-web (pip) on May 17, 2022

Improper Neutralization of Input During Web Page Generation in JavaMelody
Severity: Moderate. CVE-2013-4378 was published for net.bull.javamelody:javamelody-core (Maven) on May 17, 2022

Improper Authentication in OpenSAML
Severity: Moderate. CVE-2011-1411 was published for org.opensaml:opensaml (Maven) on May 17, 2022

Setuptools vulnerable to Man-in-the-middle attacks
Severity: High. CVE-2013-1633 was published for setuptools (pip) on May 17, 2022

FriendsOfSymfony FOSUserBundle denial of service via login form
Severity: Moderate. CVE-2013-5750 was published for friendsofsymfony/user-bundle (Composer) on May 17, 2022

Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
Severity: Moderate. CVE-2011-2731 was published for org.springframework.security:spring-security-core (Maven) on May 17, 2022

Apache Shindig PHP Sensitive Information Disclosure
Severity: Moderate. CVE-2013-4295 was published for org.apache.shindig:shindig-php (Maven) on May 17, 2022

Apache Sling Auth Core bundle vulnerable to Open Redirection
Severity: Moderate. CVE-2013-4390 was published for org.apache.sling:org.apache.sling.auth.core (Maven) on May 17, 2022

PyCrypto does not properly reseed PRNG before allowing access
Severity: Moderate. CVE-2013-1445 was published for pycrypto (pip) on May 17, 2022

Rack Gem Subject to Denial of Service via Hash Collisions
Severity: Moderate. CVE-2011-5036 was published for org.jruby:jruby-parent (RubyGems) on May 17, 2022

OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Severity: Low. CVE-2013-4183 was published for cinder (pip) on May 17, 2022

OpenStack Swift allows authenticated users to cause a denial of service
Severity: Moderate. CVE-2013-4155 was published for swift (pip) on May 17, 2022

OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack
Severity: Moderate. CVE-2013-4179 was published for nova (pip) on May 17, 2022

OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
Severity: Moderate. CVE-2013-4294 was published for keystone (pip) on May 17, 2022

Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Severity: Critical. CVE-2013-6288 was published for apache-solr-for-typo3/solr (Composer) on May 17, 2022

Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
Severity: Moderate. CVE-2013-6289 was published for apache-solr-for-typo3/solr (Composer) on May 17, 2022

SaltStack Privilege Escalation vulnerability
Severity: High. CVE-2013-6617 was published for salt (pip) on May 17, 2022

Tiki Wiki CMS Groupware Cross-site scripting (XSS) vulnerability
Severity: Moderate. CVE-2013-4714 was published for tikiwiki/tiki-manager (Composer) on May 17, 2022

OpenStack Compute Nova Improper Access Control
Severity: Moderate. CVE-2013-4497 was published for nova (pip) on May 17, 2022
ProTip! Advisories are also available from the GraphQL API.