GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,028
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,157
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
19,732 advisories
Drupal Incorrect cache context on password reset page
High | CVE-2016-9450 was published for drupal/core (Composer) | May 17, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML
Moderate | CVE-2015-1796 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) | May 17, 2022
Improper Access Control in Apache Hadoop
High | CVE-2016-5393 was published for org.apache.hadoop:hadoop-common (Maven) | May 17, 2022
MediaElement Vulnerable to Reflected XSS
Moderate | CVE-2016-4567 was published for contao-components/mediaelement (Composer) | May 17, 2022
Slim vulnerable to PHP object injection
High | CVE-2015-2171 was published for slim/slim (Composer) | May 17, 2022
Django Cross-site Scripting Vulnerability
Moderate | CVE-2015-2241 was published for django (pip) | May 17, 2022
Symfony Vulnerable to PHP Eval Injection
Moderate | CVE-2015-2308 was published for symfony/http-kernel (Composer) | May 17, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file
Low | CVE-2015-3010 was published for ceph-deploy (pip) | May 17, 2022
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service
High | CVE-2016-0737 was published for swift (pip) | May 17, 2022
phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser
Moderate | CVE-2016-2559 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022
phpMyAdmin Improper Input Validation
Moderate | CVE-2016-2562 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022
Yii Framework Cross-site Scripting Vulnerability
Moderate | CVE-2015-3397 was published for yiisoft/yii2 (Composer) | May 17, 2022
Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability
Moderate | CVE-2015-3935 was published for dolibarr/dolibarr (Composer) | May 17, 2022
Django allows user sessions hijacking via an empty string in the session key
Moderate | CVE-2015-3982 was published for Django (pip) | May 17, 2022
Radicale regex metacharacters injection in the user name
Moderate | CVE-2015-8748 was published for Radicale (pip) | May 17, 2022
Radicale vulnerable to arbitrary file read or write
Critical | CVE-2015-8747 was published for Radicale (pip) | May 17, 2022
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service
High | CVE-2016-0738 was published for swift (pip) | May 17, 2022
Restlet Arbitrary Java Code Execution via a serialized object
High | CVE-2013-4271 was published for org.restlet.jse:org.restlet (Maven) | May 17, 2022
Improper Control of Generation of Code ('Code Injection') in Spring Framework
Moderate | CVE-2010-1622 was published for org.springframework:spring (Maven) | May 17, 2022
OpenStack Glance Bypass the storage quota and Denial of service
Moderate | CVE-2014-9623 was published for glance (pip) | May 17, 2022
Code injection in Apache Struts
High | CVE-2013-4316 was published for org.apache.struts:struts2-core (Maven) | May 17, 2022
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
High | CVE-2013-4221 was published for org.restlet.jse:org.restlet (Maven) | May 17, 2022
Improper Input Validation in Jupyter Notebook
Moderate | CVE-2015-7337 was published for ipython (pip) | May 17, 2022
Symfony Vulnerable to Timing Attack
High | CVE-2015-8125 was published for symfony/form (Composer) | May 17, 2022
Django settings leak in date template filter
Moderate | CVE-2015-8213 was published for django (pip) | May 17, 2022
ProTip! Advisories are also available from the GraphQL API.