GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,972
Erlang: 29
GitHub Actions: 16
Go: 1,762
Maven: 4,983
npm: 3,518
NuGet: 609
pip: 3,094
Pub: 10
RubyGems: 833
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
19,410 advisories
Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL (Moderate): CVE-2014-3604 was published for ca.juliusdavies:not-yet-commons-ssl (Maven) May 14, 2022
XML External Entity Reference in org.picketlink:picketlink-common (High): CVE-2014-3530 was published for org.picketlink:picketlink-common (Maven) May 14, 2022
OpenStack Swift Unauthorized delete of versioned Swift object (Moderate): CVE-2015-1856 was published for swift (pip) May 14, 2022
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption (High): CVE-2015-5162 was published for cinder (pip) May 14, 2022
OpenStack Object Storage (Swift) Sensitive Data Exposure (Moderate): CVE-2015-5223 was published for swift (pip) May 14, 2022
Exposure of Sensitive Information in Jenkins Core (Moderate): CVE-2016-0790 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information in Jenkins Core (Critical): CVE-2016-0791 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information in Jenkins Core (Moderate): CVE-2016-3723 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Incorrect Authorization in Jenkins Core (Moderate): CVE-2016-3722 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Missing permissions check in Jenkins Core (Moderate): CVE-2016-3725 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
OpenStack Nova logs sensitive context from notification exceptions (Critical): CVE-2017-7214 was published for nova (pip) May 14, 2022
OpenStack Horizon Cross-site Scripting (XSS) (Moderate): CVE-2017-7400 was published for horizon (pip) May 14, 2022
Apache Drill vulnerable to Cross-site Scripting (Moderate): CVE-2017-12630 was published for org.apache.drill:drill-common (Maven) May 14, 2022
Improper Input Validation in Apache Tomcat (Moderate): CVE-2011-4858 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Arbitrary file write in Apache Commons Fileupload (High): CVE-2013-2186 was published for commons-fileupload:commons-fileupload (Maven) May 14, 2022
Dolibarr SQL injection vulnerability in comm/multiprix.php (Critical): CVE-2017-17897 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in fourn/index.php (Critical): CVE-2017-17900 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr sensitive information disclosure (High): CVE-2017-17898 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in adherents/subscription/info.php (Critical): CVE-2017-17899 was published for dolibarr/dolibarr (Composer) May 14, 2022
Fork CMS XSS via Highlight Parameter (Moderate): CVE-2012-1209 was published for forkcms/forkcms (Composer) May 14, 2022
Dolibarr ERP and CRM contain XSS Vulnerability (Moderate): CVE-2017-17971 was published for dolibarr/dolibarr (Composer) May 14, 2022
Passbolt API is vulnerable to XSS in the url field on the password workspace grid and sidebar (Moderate): CVE-2017-1000442 was published for passbolt/passbolt_api (Composer) May 14, 2022
Fork CMS XSS Vulnerability (Moderate): CVE-2018-5215 was published for forkcms/forkcms (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API