GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,477 advisories

Zend Framework Information Disclosure High
CVE-2015-7503 was published for zendframework/zend-crypt (Composer) May 17, 2022
JBoss Keycloak CSRF Vulnerability High
CVE-2014-3709 was published for org.keycloak:keycloak-services (Maven) May 17, 2022
Injection in Apache NiFi Critical
CVE-2017-5636 was published for org.apache.nifi:nifi (Maven) May 17, 2022
TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms Moderate
CVE-2010-3659 was published for typo3/cms-backend (Composer) May 17, 2022
Cross-site Scripting in Mistune Moderate
CVE-2017-15612 was published for mistune (pip) May 17, 2022
Apache James Privilege Escalation High
CVE-2017-12628 was published for org.apache.james:james-project (Maven) May 17, 2022
Improper Access Control in MySQL Connectors Java Moderate
CVE-2015-2575 was published for mysql:mysql-connector-java (Maven) May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation Critical
CVE-2017-14695 was published for salt (pip) May 17, 2022
Denial of service in Apache Tomcat Moderate
CVE-2014-0095 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 17, 2022
Apache Storm log viewer path traversal vulnerability High
CVE-2014-0115 was published for org.apache.storm:storm (Maven) May 17, 2022
SaltStack Salt Denial of Service via a crafted authentication request High
CVE-2017-14696 was published for salt (pip) May 17, 2022
Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console Moderate
CVE-2017-15911 was published for org.igniterealtime.openfire:parent (Maven) May 17, 2022
Django Cross-site scripting (XSS) vulnerability via is_safe_url function Moderate
CVE-2013-6044 was published for django (pip) May 17, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop Critical
CVE-2012-4449 was published for org.apache.hadoop:hadoop-client (Maven) May 17, 2022
Insecure temporary file usage in Jenkins Git Client Plugin Low
CVE-2017-1000242 was published for org.jenkins-ci.plugins:git-client (Maven) May 17, 2022
Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability Moderate
CVE-2017-16782 was published for home-assistant-frontend (npm) May 17, 2022 withdrawn
Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects High
CVE-2017-11870 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
Chakra Core vulnerable to privilege escalation due to type confusion High
CVE-2017-11862 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
Chakra Core vulnerable to privilege escalation due to reading an invalid pointer High
CVE-2017-11871 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
Sanic arbitrary file read and directory traversal High
CVE-2017-16762 was published for sanic (pip) May 17, 2022
filp whoops Cross-site Scripting vulnerability Moderate
CVE-2017-16880 was published for filp/whoops (Composer) May 17, 2022
Improper Input Validation in Microsoft.NETCore.App High
CVE-2017-8585 was published for Microsoft.NETCore.App (NuGet) May 17, 2022
Zeta Components Mail Arbitrary code execution via a crafted email address High
CVE-2017-15806 was published for zetacomponents/mail (Composer) May 17, 2022
TYPO3 Arbitrary Code Execution High
CVE-2017-14251 was published for typo3/cms (Composer) May 17, 2022
CodeIgniter HTTP Header Injection High
CVE-2017-1000247 was published for codeigniter4/framework (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API