GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,961 advisories

Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch Moderate
CVE-2015-3337 was published for org.elasticsearch:elasticsearch (Maven) May 17, 2022
ceph-deploy uses world-readable permissions on client.admin key Low
CVE-2015-4053 was published for ceph-deploy (pip) May 17, 2022
ImpressCMS Path Traversal to Arbitrary File Delete Moderate
CVE-2014-1836 was published for impresscms/impresscms (Composer) May 17, 2022
PicketLink does not properly check role based authorization Moderate
CVE-2015-3158 was published for org.picketlink:picketlink-tomcat-common (Maven) May 17, 2022
Drupal Access Control Bypass High
CVE-2011-2687 was published for drupal/core (Composer) May 17, 2022
October CMS XSS In Caption Tag of Profile Moderate
CVE-2015-5612 was published for october/october (Composer) May 17, 2022
OpenStack Swift Cross-site Scripting vulnerability Moderate
CVE-2014-3497 was published for swift (pip) May 17, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr Moderate
CVE-2013-6397 was published for org.apache.solr:solr-core (Maven) May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions Moderate
CVE-2015-5251 was published for glance (pip) May 17, 2022
Apache Ambari SSRF Vulnerability Moderate
CVE-2015-1775 was published for org.apache.ambari:ambari (Maven) May 17, 2022
Apache Ambari Open Redirect Moderate
CVE-2015-5210 was published for org.apache.ambari:ambari (Maven) May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining High
CVE-2014-2828 was published for keystone (pip) May 17, 2022
Cross-site Scripting in SmartyException Moderate
CVE-2012-4437 was published for smarty/smarty (Composer) May 17, 2022
Plone denial of service via Caching Bypass Moderate
CVE-2012-5498 was published for plone (pip) May 17, 2022
Insecure Temporary File in Jinja2 Moderate
CVE-2014-0012 was published for Jinja2 (pip) May 17, 2022
Joomla! Framework Remote Code Injection Vulnerability High
CVE-2015-8566 was published for joomla/session (Composer) May 17, 2022
Typo3 XSS Vulnerability Moderate
CVE-2015-8755 was published for typo3/cms (Composer) May 17, 2022
Dolibarr ERP and CRM contain XSS Vulnerabilities Moderate
CVE-2016-1912 was published for dolibarr/dolibarr (Composer) May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache Solr Moderate
CVE-2015-8795 was published for org.apache.solr:solr-core (Maven) May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache Solr Moderate
CVE-2015-8797 was published for org.apache.solr:solr-core (Maven) May 17, 2022
phpMyAdmin cross-site scripting Vulnerability via ENUM value Low
CVE-2014-7217 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Drupal CRLF injection vulnerability in the drupal_set_header function Moderate
CVE-2016-3166 was published for drupal/core (Composer) May 17, 2022
Drupal Open Redirect High
CVE-2016-3164 was published for drupal/core (Composer) May 17, 2022
Drupal saving user accounts can sometimes grant the user all roles High
CVE-2016-3169 was published for drupal/core (Composer) May 17, 2022
Drupal Form API ignores access restrictions on submit buttons High
CVE-2016-3165 was published for drupal/core (Composer) May 17, 2022