GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,477 advisories

Authentication Bypass in Apache Tomcat Moderate
CVE-2012-3546 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
tdunlap607
Cross-Site Request Forgery in Apache Tomcat Moderate
CVE-2012-4431 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2012-5885 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
python-keystoneclient unsecure user password update Low
CVE-2013-2013 was published for python-keystoneclient (pip) May 17, 2022
GeniXCMS denial of service (account blockage) Moderate
CVE-2017-14231 was published for genix/cms (Composer) May 17, 2022
Dolibarr cross-site scripting (XSS) vulnerability Moderate
CVE-2017-14239 was published for dolibarr/dolibarr (Composer) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API High
CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven) May 17, 2022
Moodle XSS Vulnerability Moderate
CVE-2017-12156 was published for moodle/moodle (Composer) May 17, 2022
Jenkins HttpOnly flag not Set for session cookies Moderate
CVE-2014-9635 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins secure flag not set on session cookies Moderate
CVE-2014-9634 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Incomplete exclude pattern in Apache Struts High
CVE-2015-1831 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Django ReDoS in validators.URLValidator High
CVE-2015-5145 was published for django (pip) May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack Moderate
CVE-2015-5144 was published for django (pip) May 17, 2022
sunSUNQ
Fastly Magento2 sensitive information disclosure Moderate
CVE-2017-13761 was published for fastly/magento2 (Composer) May 17, 2022
phpBB Open Redirect Moderate
CVE-2015-3880 was published for phpbb/phpbb (Composer) May 17, 2022
Cross-site Scripting In Apache Brooklyn Moderate
CVE-2017-3165 was published for org.apache.brooklyn:brooklyn (Maven) May 17, 2022
NodeBB Cross-site Scripting Vulnerability in Markdown Processing Moderate
CVE-2015-3296 was published for nodebb (npm) May 17, 2022
Moodle sensitive information disclosure Moderate
CVE-2017-12157 was published for moodle/moodle (Composer) May 17, 2022
CodeIgniter and Kohana vulnerable to PHP Object Injection Critical
CVE-2014-8684 was published for codeigniter/framework (Composer) May 17, 2022
Deserialization of Untrusted Data in Apache Brooklyn High
CVE-2016-8744 was published for org.apache.brooklyn:brooklyn (Maven) May 17, 2022
GeniXCMS Cross-site Scripting (XSS) via id parameter Moderate
CVE-2017-14762 was published for genix/cms (Composer) May 17, 2022
Improper Neutralization of Input During Web Page Generation in IPython Moderate
CVE-2015-4706 was published for ipython (pip) May 17, 2022
GeniXCMS arbitrary PHP code execution High
CVE-2017-14764 was published for genix/cms (Composer) May 17, 2022
GeniXCMS Cross-site Scripting (XSS) via the Menu ID field Moderate
CVE-2017-14765 was published for genix/cms (Composer) May 17, 2022
GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter Moderate
CVE-2017-14761 was published for genix/cms (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API