GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,108
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,664
NuGet: 642
pip: 3,266
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
20,228 advisories

Directory traversal in pyftpdlib
Moderate | CVE-2008-7262 was published for pyftpdlib (pip) | May 17, 2022

TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
Moderate | CVE-2010-3715 was published for typo3/cms-backend (Composer) | May 17, 2022

Improper Authentication in Apache MyFaces
Moderate | CVE-2010-2057 was published for org.apache.myfaces.core:myfaces-impl (Maven) | May 17, 2022

Cobbler is vulnerable to code injection
High | CVE-2010-2235 was published for cobbler (pip) | May 17, 2022

Paste is vulnerable to Cross-site Scripting via vectors involving a 404 status code
Moderate | CVE-2010-2477 was published for paste (pip) | May 17, 2022

Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP
High | CVE-2010-3708 was published for org.drools:drools-core (Maven) | May 17, 2022

CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
High | CVE-2010-4335 was published for cakephp/cakephp (Composer) | May 17, 2022

Zope Object Database Denial of Service vulnerability
Moderate | CVE-2010-3495 was published for zodb3 (pip) | May 17, 2022

phpMyAdmin unsafely handles temporary files
High | CVE-2008-7252 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022

PyWebDAV SQL Injection vulnerability
High | CVE-2011-0432 was published for pywebdav (pip) | May 17, 2022

Apache Struts Multiple XSS Vulnerabilities
Moderate | CVE-2011-2087 was published for org.apache.struts:struts2-parent (Maven) | May 17, 2022

Fabric vulnerable to symlink attack on tmp files
Moderate | CVE-2011-2185 was published for fabric (pip) | May 17, 2022

Apache Libcloud does not verify SSL certificates for HTTPS connections
High | CVE-2010-4340 was published for apache-libcloud (pip) | May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient
Moderate | CVE-2011-1498 was published for org.apache.httpcomponents:httpclient (Maven) | May 17, 2022

Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
High | CVE-2011-4030 was published for Plone (pip) | May 17, 2022

OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Low | CVE-2011-4457 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) | May 17, 2022

Celery local privilege escalation vulnerability
Moderate | CVE-2011-4356 was published for celery (pip) | May 17, 2022

Denial of Service in Apache ActiveMQ
Moderate | CVE-2011-4905 was published for org.apache.activemq:activemq-core (Maven) | May 17, 2022

Cross-site Scripting in Apache Struts
Low | CVE-2011-1772 was published for org.apache.struts:struts2-core (Maven) | May 17, 2022

Virtualenv Allows Symlink Attack on /tmp/
Low | CVE-2011-4617 was published for virtualenv (pip) | May 17, 2022

phpMyAdmin Open Redirect in redirector
Moderate | CVE-2011-1941 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022

Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests
Moderate | CVE-2011-3375 was published for org.apache.tomcat:tomcat (Maven) | May 17, 2022

Ejabberd DoS via malformed stanza
Moderate | CVE-2011-4320 was published for ejabberd (Erlang) | May 17, 2022

ProTip! Advisories are also available from the GraphQL API.