GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
20,093 advisories
python-keystoneclient missing expiration check in PKI token validation
Moderate: CVE-2013-2104 was published for python-keystoneclient (pip), May 17, 2022

EC-CUBE vulnerable to authorization bypass
Moderate: CVE-2014-0808 was published for ec-cube/ec-cube (Composer), May 17, 2022

Django Denial of Service Vulnerability in the authentication framework
High: CVE-2013-1443 was published for Django (pip), May 17, 2022

Code injection via property expansion in SoapUI
High: CVE-2014-1202 was published for com.smartbear.soapui:soapui (Maven), May 17, 2022

Python Swift client is vulnerable to Missing SSL Certificate Check
Moderate: CVE-2013-6396 was published for python-swiftclient (pip), May 17, 2022

CiviCRM SQL injection vulnerability via Quick Search API
Moderate: CVE-2013-4662 was published for civicrm/civicrm-core (Composer), May 17, 2022

OpenStack Identity Keystone Privilege Escalation vulnerability
Low: CVE-2013-4477 was published for keystone (pip), May 17, 2022

Improper Restriction of XML External Entity Reference in Apache Solr
High: CVE-2012-6612 was published for org.apache.solr:solr-core (Maven), May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in JGroup
Moderate: CVE-2013-4112 was published for org.jgroups:jgroups (Maven), May 17, 2022

OpenStack Nova Router metadata queries are not restricted by tenant
Moderate: CVE-2013-6419 was published for nova (pip), May 17, 2022

OpenStack Glance sensitive information disclosure via logs
Low: CVE-2014-1948 was published for glance (pip), May 17, 2022

OpenStack Swift Discloses Secret URLs to Timing Attack
Moderate: CVE-2014-0006 was published for swift (pip), May 17, 2022

Plone Privilege escalation due improper authorization
Moderate: CVE-2013-4189 was published for Plone (pip), May 17, 2022

Plone Authenticated Denial of Service vulnerability
Moderate: CVE-2013-4188 was published for plone (pip), May 17, 2022

Plone's authenticated users able to alter their password despite of policy definition
Moderate: CVE-2013-4198 was published for Plone (pip), May 17, 2022

Plone is vulnerable to email spoofing
Moderate: CVE-2013-4192 was published for plone (pip), May 17, 2022

Plone Denial of Service vulnerability via decompressing large zip archives
Low: CVE-2013-4199 was published for plone (pip), May 17, 2022

Plone is vulnerable to File System Path Exposure
Low: CVE-2013-4194 was published for plone (pip), May 17, 2022

Plone is vulnerable to information exposure via the object manager implementation
Moderate: CVE-2013-4196 was published for plone (pip), May 17, 2022

Plone is vulnerable to Information Exposure when generating zip archives
Moderate: CVE-2013-4191 was published for plone (pip), May 17, 2022

Plone Multiple cross-site scripting (XSS) vulnerabilities
Moderate: CVE-2013-4190 was published for plone (pip), May 17, 2022

Plone Multiple open redirect vulnerabilities
Moderate: CVE-2013-4195 was published for plone (pip), May 17, 2022

DotNetNuke (DNN) Open redirect vulnerability
Moderate: CVE-2013-7335 was published for DotNetNuke.Core (NuGet), May 17, 2022

Plone Unrestricted Filed Manipulation vulnerability via content edit forms
Moderate: CVE-2013-4193 was published for plone (pip), May 17, 2022

Plone Improper Access Control Vulnerability
High: CVE-2013-4197 was published for plone (pip), May 17, 2022

ProTip! Advisories are also available from the GraphQL API.