GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,726 advisories

Urllib3 Incorrect Certificate Validation Low
CVE-2016-9015 was published for urllib3 (pip) May 17, 2022
Shell command injection in Liferay Portal High
CVE-2010-5327 was published for com.liferay.portal:portal-impl (Maven) May 17, 2022
Web2py Cross-Site Request Forgery vulnerability Moderate
CVE-2016-4808 was published for web2py (pip) May 17, 2022
TYPO3 Backend component Cross-site scripting (XSS) vulnerability Moderate
CVE-2016-4056 was published for typo3/cms (Composer) May 17, 2022
Moodle Glossary search displays entries without checking user permissions to view them Moderate
CVE-2016-5012 was published for moodle/moodle (Composer) May 17, 2022
Moodle Cross-site Scripting in assignment submission page Moderate
CVE-2017-2578 was published for moodle/moodle (Composer) May 17, 2022
Extbase for TYPO3 allows RCE High
CVE-2016-5091 was published for typo3/cms-extbase (Composer) May 17, 2022
python-jose failure to use a constant time comparison for HMAC keys Critical
CVE-2016-7036 was published for python-jose (pip) May 17, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2016-7148 was published for moin (pip) May 17, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2016-7146 was published for moin (pip) May 17, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability Moderate
CVE-2016-9119 was published for moin (pip) May 17, 2022
Salt Insecure configuration of PAM external authentication service Moderate
CVE-2016-3176 was published for salt (pip) May 17, 2022
Salt allows deleted minions to read or write to minions with the same id Critical
CVE-2016-9639 was published for salt (pip) May 17, 2022
Plone XSS in Zope ZMI Moderate
CVE-2016-7147 was published for plone (pip) May 17, 2022
Loop with Unreachable Exit Condition in Apache POI Moderate
CVE-2014-9527 was published for org.apache.poi:poi (Maven) May 17, 2022
Improper Restriction of XML External Entity Reference in Openpyxl High
CVE-2017-5992 was published for openpyxl (pip) May 17, 2022
flask-oidc Open Redirect vulnerability High
CVE-2016-1000001 was published for flask-oidc (pip) May 17, 2022
Improper Neutralization of Input During Web Page Generation in html5lib Moderate
CVE-2016-9909 was published for html5lib (pip) May 17, 2022
Cross-site Scripting in html5lib Moderate
CVE-2016-9910 was published for html5lib (pip) May 17, 2022
Froxlor guessable password reset token Critical
CVE-2016-5100 was published for froxlor/froxlor (Composer) May 17, 2022
Plone vulnerable to privilege escalation in WebDAV High
CVE-2016-4041 was published for Plone (pip) May 17, 2022
Plone vulnerable to unauthorized disclosure of site content Moderate
CVE-2016-4042 was published for Plone (pip) May 17, 2022
Chameleon in Plone allows Authentication Bypass Moderate
CVE-2016-4043 was published for Plone (pip) May 17, 2022
XMPP Clients User Impersonation Vulnerability in Movim Moxl Moderate
CVE-2017-5605 was published for movim/moxl (Composer) May 17, 2022