GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,726 advisories

Django DoS in django.views.static.serve Moderate
CVE-2015-0221 was published for django (pip) May 17, 2022
sunSUNQ
Django Cross-site Scripting Vulnerability Moderate
CVE-2015-0220 was published for django (pip) May 17, 2022
phpMyAdmin ReCaptcha bypass Moderate
CVE-2015-6830 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks Moderate
CVE-2015-1852 was published for keystonemiddleware (pip) May 17, 2022
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability Moderate
CVE-2015-3219 was published for horizon (pip) May 17, 2022
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities Moderate
CVE-2015-5161 was published for zendframework/zendframework (Composer) May 17, 2022
Denial-of-service possibility in logout() view by filling session store Moderate
CVE-2015-5964 was published for Django (pip) May 17, 2022
MarkLee131
OpenStack Cinder file disclosure in image convert Moderate
CVE-2015-1851 was published for cinder (pip) May 17, 2022
Path Traversal in Eclipse Mojarra Moderate
CVE-2013-3827 was published for org.glassfish:javax.faces (Maven) May 17, 2022
Open redirect in Apache Struts Moderate
CVE-2013-2248 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value Low
CVE-2013-5002 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
TYPO3 OpenID extension Open redirect vulnerability Moderate
CVE-2013-7079 was published for friendsoftypo3/openid (Composer) May 17, 2022
Symfony Incorrect Access Control Moderate
CVE-2015-4050 was published for symfony/http-kernel (Composer) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images Moderate
CVE-2014-9684 was published for glance (pip) May 17, 2022
OpenStack Glance Denial of service by creating a large number of images Moderate
CVE-2015-1881 was published for glance (pip) May 17, 2022
Code Injection in Django Moderate
CVE-2014-0472 was published for Django (pip) May 17, 2022
MarkLee131
Django Reuses Cached CSRF Token Moderate
CVE-2014-0473 was published for django (pip) May 17, 2022
MarkLee131
Django Vulnerable to MySQL Injection High
CVE-2014-0474 was published for django (pip) May 17, 2022
Django Vulnerable to Cache Poisoning Moderate
CVE-2014-1418 was published for django (pip) May 17, 2022
sunSUNQ
getID3 is vulnerable to XML External Entity (XXE) High
CVE-2014-2053 was published for james-heinrich/getid3 (Composer) May 17, 2022
OpenStack Neutron allows remote authenticated users to cause a denial of service Moderate
CVE-2014-3555 was published for neutron (pip) May 17, 2022 withdrawn
oliverchang
OpenStack Glance improper validation of the image_size_cap configuration option Moderate
CVE-2014-5356 was published for glance (pip) May 17, 2022
Drupal sensitive information disclosure Moderate
CVE-2016-9449 was published for drupal/core (Composer) May 17, 2022
Drupal Open Redirect Moderate
CVE-2016-9451 was published for drupal/core (Composer) May 17, 2022
bottle.py vulnerable to CRLF Injection Moderate
CVE-2016-9964 was published for bottle (pip) May 17, 2022