GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,768
Maven
4,991
npm
3,537
NuGet
616
pip
3,107
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+
19,477 advisories
Filter by severity
Improper Restriction of XML External Entity Reference in Apache POI
Moderate
CVE-2014-3529
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
SaltStack Salt Insecure Temporary File Creation
High
CVE-2014-3563
was published
for
salt
(pip)
May 17, 2022
Jenkins Path Traversal vulnerability
Moderate
CVE-2014-3664
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Improper Input Validation in Apache POI
Moderate
CVE-2014-3574
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-12791
was published
for
salt
(pip)
May 17, 2022
zend-diactoros Cross-site Scripting (XSS)
Moderate
CVE-2015-3257
was published
for
zendframework/zend-diactoros
(Composer)
May 17, 2022
Insecure cookie storage in Apache Atlas
Moderate
CVE-2017-3150
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Path Traversal in Apache Atlas
High
CVE-2016-8752
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Cross-site Scripting in Apache Atlas
Moderate
CVE-2017-3153
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Cross-site Scripting in Apache Atlas
Moderate
CVE-2017-3152
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Cross-site Scripting in Apache Atlas
Moderate
CVE-2017-3155
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Apache Atlas produces Stack trace in error response
High
CVE-2017-3154
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
SimpleSAMLphp Unauthenticated encryption in CBC mode
Moderate
CVE-2017-12870
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 17, 2022
SimpleSAMLphp Incorrect IV generation for encryption
Moderate
CVE-2017-12871
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 17, 2022
Scrapy denial of service vulnerability
High
CVE-2017-14158
was published
for
scrapy
(pip)
May 17, 2022
OpenStack Swift metadata constraints are not correctly enforced
Moderate
CVE-2014-7960
was published
for
swift
(pip)
May 17, 2022
Smarty arbitrary PHP code execution
High
CVE-2014-8350
was published
for
smarty/smarty
(Composer)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Critical
CVE-2016-3086
was published
for
org.apache.hadoop:hadoop-yarn-server-nodemanager
(Maven)
May 17, 2022
Dolibarr SQL injection vulnerability in admin/menus/edit.php
Critical
CVE-2017-14238
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Dolibarr SQL injection vulnerability in don/list.php
Critical
CVE-2017-14242
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Dolibarr ERP and CRM contain XSS Vulnerability
Moderate
CVE-2017-14241
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure
High
CVE-2017-14240
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
Moderate
CVE-2011-1475
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API