GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem: Composer 3,978; Erlang 29; GitHub Actions 16; Go 1,768; Maven 4,991; npm 3,537; NuGet 616; pip 3,107; Pub 10; RubyGems 837; Rust 786; Swift 34
Unreviewed advisories (all unreviewed: 5,000+)
19,477 advisories
Zend Framework Information Disclosure [High]: CVE-2015-7503 was published for zendframework/zend-crypt (Composer) on May 17, 2022
JBoss Keycloak CSRF Vulnerability [High]: CVE-2014-3709 was published for org.keycloak:keycloak-services (Maven) on May 17, 2022
Injection in Apache NiFi [Critical]: CVE-2017-5636 was published for org.apache.nifi:nifi (Maven) on May 17, 2022
TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms [Moderate]: CVE-2010-3659 was published for typo3/cms-backend (Composer) on May 17, 2022
Cross-site Scripting in Mistune [Moderate]: CVE-2017-15612 was published for mistune (pip) on May 17, 2022
Apache James Privilege Escalation [High]: CVE-2017-12628 was published for org.apache.james:james-project (Maven) on May 17, 2022
Improper Access Control in MySQL Connectors Java [Moderate]: CVE-2015-2575 was published for mysql:mysql-connector-java (Maven) on May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation [Critical]: CVE-2017-14695 was published for salt (pip) on May 17, 2022
Denial of service in Apache Tomcat [Moderate]: CVE-2014-0095 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on May 17, 2022
Apache Storm log viewer path traversal vulnerability [High]: CVE-2014-0115 was published for org.apache.storm:storm (Maven) on May 17, 2022
SaltStack Salt Denial of Service via a crafted authentication request [High]: CVE-2017-14696 was published for salt (pip) on May 17, 2022
Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console [Moderate]: CVE-2017-15911 was published for org.igniterealtime.openfire:parent (Maven) on May 17, 2022
Django Cross-site scripting (XSS) vulnerability via is_safe_url function [Moderate]: CVE-2013-6044 was published for django (pip) on May 17, 2022
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop [Critical]: CVE-2012-4449 was published for org.apache.hadoop:hadoop-client (Maven) on May 17, 2022
Insecure temporary file usage in Jenkins Git Client Plugin [Low]: CVE-2017-1000242 was published for org.jenkins-ci.plugins:git-client (Maven) on May 17, 2022
Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability [Moderate]: CVE-2017-16782 was published for home-assistant-frontend (npm) on May 17, 2022 (withdrawn)
Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects [High]: CVE-2017-11870 was published for Microsoft.ChakraCore (NuGet) on May 17, 2022
Chakra Core vulnerable to privilege escalation due to type confusion [High]: CVE-2017-11862 was published for Microsoft.ChakraCore (NuGet) on May 17, 2022
Chakra Core vulnerable to privilege escalation due to reading an invalid pointer [High]: CVE-2017-11871 was published for Microsoft.ChakraCore (NuGet) on May 17, 2022
Sanic arbitrary file read and directory traversal [High]: CVE-2017-16762 was published for sanic (pip) on May 17, 2022
filp whoops Cross-site Scripting vulnerability [Moderate]: CVE-2017-16880 was published for filp/whoops (Composer) on May 17, 2022
Improper Input Validation in Microsoft.NETCore.App [High]: CVE-2017-8585 was published for Microsoft.NETCore.App (NuGet) on May 17, 2022
Zeta Components Mail Arbitrary code execution via a crafted email address [High]: CVE-2017-15806 was published for zetacomponents/mail (Composer) on May 17, 2022
TYPO3 Arbitrary Code Execution [High]: CVE-2017-14251 was published for typo3/cms (Composer) on May 17, 2022
CodeIgniter HTTP Header Injection [High]: CVE-2017-1000247 was published for codeigniter4/framework (Composer) on May 17, 2022
ProTip! Advisories are also available from the GraphQL API