GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,726 advisories

Salt uses weak permissions on the cache data Low
CVE-2015-8034 was published for salt (pip) May 17, 2022
Umbraco CMS vulnerable to CSRF High
CVE-2015-8814 was published for Umbraco.CMS (NuGet) May 17, 2022
Umbraco CMS vulnerable to CSRF High
CVE-2015-8813 was published for Umbraco.CMS (NuGet) May 17, 2022
PySAML2 XML external entity attack Critical
CVE-2016-10127 was published for pysaml2 (pip) May 17, 2022
Cloudera HUE Account Enumeration Moderate
CVE-2016-4947 was published for gethue (npm) May 17, 2022
EpicEditor XSS Vulnerability Moderate
CVE-2017-6589 was published for epiceditor (npm) May 17, 2022
CodeIgniter arbitrary code execution Critical
CVE-2016-10131 was published for codeigniter4/framework (Composer) May 17, 2022
Weblate user account enumeration via reset password form Moderate
CVE-2017-5537 was published for weblate (pip) May 17, 2022
Apache Hadoop allows impersonation of arbitrary cluster user accounts Moderate
CVE-2012-1574 was published for org.apache.hadoop:hadoop-main (Maven) May 17, 2022
Client BlockTokens not checked in Apache Hadoop High
CVE-2012-3376 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
Improper Authentication in Apache Hadoop Low
CVE-2013-2192 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
imdbphp Cross-Site Scripting (XSS) Moderate
CVE-2017-7204 was published for imdbphp/imdbphp (Composer) May 17, 2022
Improper Authentication in Apache Hadoop Moderate
CVE-2014-0229 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Netflix Security Monkey Open Redirect vulnerability Moderate
CVE-2017-7266 was published for security_monkey (pip) May 17, 2022
Cherry Music directory traversal vulnerability Moderate
CVE-2015-8309 was published for CherryMusic (pip) May 17, 2022
Cherry Music Cross-site Scripting (XSS) vulnerability Moderate
CVE-2015-8310 was published for CherryMusic (pip) May 17, 2022
OpenStack Glance Server-Side Request Forgery (SSRF) Moderate
CVE-2017-7200 was published for glance (pip) May 17, 2022
Apache Ambari reveals administrator passwords Moderate
CVE-2016-4976 was published for org.apache.ambari:ambari (Maven) May 17, 2022
OpenStack Glance Signature Verification Bypass Moderate
CVE-2015-8234 was published for glance (pip) May 17, 2022
Apache Ambari Improper Access Control Critical
CVE-2016-6807 was published for org.apache.ambari:ambari (Maven) May 17, 2022
Improper input validation in cryptography High
CVE-2016-9243 was published for cryptography (pip) May 17, 2022
Magmi XSS Vulnerability Moderate
CVE-2017-7391 was published for dweeves/magmi (Composer) May 17, 2022
SocialNetwork Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2017-7390 was published for movingbytes/social-network (Composer) May 17, 2022
GeniXCMS SQL injection vulnerability High
CVE-2016-10096 was published for genix/cms (Composer) May 17, 2022
Apache Geode information disclosure vulnerability High
CVE-2017-5649 was published for org.apache.geode:geode-core (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API