GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,732 advisories

Drupal Incorrect cache context on password reset page High
CVE-2016-9450 was published for drupal/core (Composer) May 17, 2022
Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML Moderate
CVE-2015-1796 was published for edu.internet2.middleware:shibboleth-identityprovider (Maven) May 17, 2022
Improper Access Control in Apache Hadoop High
CVE-2016-5393 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
MediaElement Vulnerable to Reflected XSS Moderate
CVE-2016-4567 was published for contao-components/mediaelement (Composer) May 17, 2022
Slim vulnerable to PHP object injection High
CVE-2015-2171 was published for slim/slim (Composer) May 17, 2022
Django Cross-site Scripting Vulnerability Moderate
CVE-2015-2241 was published for django (pip) May 17, 2022
Symfony Vulnerable to PHP Eval Injection Moderate
CVE-2015-2308 was published for symfony/http-kernel (Composer) May 17, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file Low
CVE-2015-3010 was published for ceph-deploy (pip) May 17, 2022
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service High
CVE-2016-0737 was published for swift (pip) May 17, 2022
phpMyAdmin Cross-site scripting (XSS) vulnerability in SQL parser Moderate
CVE-2016-2559 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin Improper Input Validation Moderate
CVE-2016-2562 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Yii Framework Cross-site Scripting Vulnerability Moderate
CVE-2015-3397 was published for yiisoft/yii2 (Composer) May 17, 2022
Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability Moderate
CVE-2015-3935 was published for dolibarr/dolibarr (Composer) May 17, 2022
Django allows user sessions hijacking via an empty string in the session key Moderate
CVE-2015-3982 was published for Django (pip) May 17, 2022
Radicale regex metacharacters injection in the user name Moderate
CVE-2015-8748 was published for Radicale (pip) May 17, 2022
Radicale vulnerable to arbitrary file read or write Critical
CVE-2015-8747 was published for Radicale (pip) May 17, 2022
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service High
CVE-2016-0738 was published for swift (pip) May 17, 2022
Restlet Arbitrary Java Code Execution via a serialized object High
CVE-2013-4271 was published for org.restlet.jse:org.restlet (Maven) May 17, 2022
Improper Control of Generation of Code ('Code Injection') in Spring Framework Moderate
CVE-2010-1622 was published for org.springframework:spring (Maven) May 17, 2022
OpenStack Glance Bypass the storage quota and Denial of service Moderate
CVE-2014-9623 was published for glance (pip) May 17, 2022
Code injection in Apache Struts High
CVE-2013-4316 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML High
CVE-2013-4221 was published for org.restlet.jse:org.restlet (Maven) May 17, 2022
Improper Input Validation in Jupyter Notebook Moderate
CVE-2015-7337 was published for ipython (pip) May 17, 2022
Symfony Vulnerable to Timing Attack High
CVE-2015-8125 was published for symfony/form (Composer) May 17, 2022
Django settings leak in date template filter Moderate
CVE-2015-8213 was published for django (pip) May 17, 2022