GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,055
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,605
NuGet: 638
pip: 3,208
Pub: 10
RubyGems: 852
Rust: 816
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
19,961 advisories
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Severity: Moderate. CVE-2015-3337 was published for org.elasticsearch:elasticsearch (Maven) on May 17, 2022
ceph-deploy uses world-readable permissions on client.admin key
Severity: Low. CVE-2015-4053 was published for ceph-deploy (pip) on May 17, 2022
ImpressCMS Path Traversal to Arbitrary File Delete
Severity: Moderate. CVE-2014-1836 was published for impresscms/impresscms (Composer) on May 17, 2022
PicketLink does not properly check role based authorization
Severity: Moderate. CVE-2015-3158 was published for org.picketlink:picketlink-tomcat-common (Maven) on May 17, 2022
Drupal Access Control Bypass
Severity: High. CVE-2011-2687 was published for drupal/core (Composer) on May 17, 2022
October CMS XSS In Caption Tag of Profile
Severity: Moderate. CVE-2015-5612 was published for october/october (Composer) on May 17, 2022
OpenStack Swift Cross-site Scripting vulnerability
Severity: Moderate. CVE-2014-3497 was published for swift (pip) on May 17, 2022
Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
Severity: Moderate. CVE-2013-6397 was published for org.apache.solr:solr-core (Maven) on May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
Severity: Moderate. CVE-2015-5251 was published for glance (pip) on May 17, 2022
Apache Ambari SSRF Vulnerability
Severity: Moderate. CVE-2015-1775 was published for org.apache.ambari:ambari (Maven) on May 17, 2022
Apache Ambari Open Redirect
Severity: Moderate. CVE-2015-5210 was published for org.apache.ambari:ambari (Maven) on May 17, 2022
OpenStack Identity (Keystone) DoS through V3 API authentication chaining
Severity: High. CVE-2014-2828 was published for keystone (pip) on May 17, 2022
Cross-site Scripting in SmartyException
Severity: Moderate. CVE-2012-4437 was published for smarty/smarty (Composer) on May 17, 2022
Plone denial of service via Caching Bypass
Severity: Moderate. CVE-2012-5498 was published for plone (pip) on May 17, 2022
Insecure Temporary File in Jinja2
Severity: Moderate. CVE-2014-0012 was published for Jinja2 (pip) on May 17, 2022
Joomla! Framework Remote Code Injection Vulnerability
Severity: High. CVE-2015-8566 was published for joomla/session (Composer) on May 17, 2022
Dolibarr ERP and CRM contain XSS Vulnerabilities
Severity: Moderate. CVE-2016-1912 was published for dolibarr/dolibarr (Composer) on May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache Solr
Severity: Moderate. CVE-2015-8795 was published for org.apache.solr:solr-core (Maven) on May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache Solr
Severity: Moderate. CVE-2015-8797 was published for org.apache.solr:solr-core (Maven) on May 17, 2022
phpMyAdmin cross-site scripting Vulnerability via ENUM value
Severity: Low. CVE-2014-7217 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022
Drupal CRLF injection vulnerability in the drupal_set_header function
Severity: Moderate. CVE-2016-3166 was published for drupal/core (Composer) on May 17, 2022
Drupal saving user accounts can sometimes grant the user all roles
Severity: High. CVE-2016-3169 was published for drupal/core (Composer) on May 17, 2022
Drupal Form API ignores access restrictions on submit buttons
Severity: High. CVE-2016-3165 was published for drupal/core (Composer) on May 17, 2022
ProTip! Advisories are also available from the GraphQL API.