GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,873 advisories
Filter by severity
OpenStack Keystone Improper Authentication vulnerability
High
CVE-2012-4456
was published
for
keystone
(pip)
May 14, 2022
Smarty Path Traversal Vulnerability
Moderate
CVE-2018-16831
was published
for
smarty/smarty
(Composer)
May 14, 2022
OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information
Moderate
CVE-2013-2256
was published
for
nova
(pip)
May 14, 2022
OpenStack Compute (nova) allows remote authenticated users to cause a denial of service
Moderate
CVE-2015-3280
was published
for
nova
(pip)
May 14, 2022
OpenStack Compute (Nova) Denial of Service vulnerability
Moderate
CVE-2014-3708
was published
for
nova
(pip)
May 14, 2022
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction
Moderate
CVE-2015-7713
was published
for
nova
(pip)
May 14, 2022
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity
Moderate
CVE-2015-0259
was published
for
nova
(pip)
May 14, 2022
OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service
Moderate
CVE-2014-3608
was published
for
nova
(pip)
May 14, 2022
OpenStack Nova instance migration process does not stop when instance is deleted
Moderate
CVE-2015-3241
was published
for
nova
(pip)
May 14, 2022
OpenStack Nova live snapshots use an insecure local directory
Low
CVE-2013-7048
was published
for
nova
(pip)
May 14, 2022
OpenStack Nova Potential Xen connection password leak via StorageError
Moderate
CVE-2015-8749
was published
for
nova
(pip)
May 14, 2022
OpenStack Cinder Denial of Service using XML entities
Moderate
CVE-2013-4202
was published
for
cinder
(pip)
May 14, 2022
OpenStack Nova DoS through ephemeral disk backing files
Moderate
CVE-2013-6437
was published
for
nova
(pip)
May 14, 2022
OpenStack Nova host data access through resize/migration
Moderate
CVE-2016-2140
was published
for
nova
(pip)
May 14, 2022
OpenStack Oslo utility sensitive information exposure via log files
Low
CVE-2014-7231
was published
for
oslo.utils
(pip)
May 14, 2022
Coaster CMS Stored Cross-site Scripting vulnerability
Moderate
CVE-2018-17876
was published
for
web-feet/coastercms
(Composer)
May 14, 2022
Elefant CMS Code Execution Vulnerability
Critical
CVE-2018-16974
was published
for
elefant/cms
(Composer)
May 14, 2022
ThinkPHP SQL injection vulnerability
Critical
CVE-2018-17566
was published
for
topthink/framework
(Composer)
May 14, 2022
QuickAppsCMS Cross-Site Request Forgery (CSRF)
High
CVE-2018-17102
was published
for
quickapps/cms
(Composer)
May 14, 2022
AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
Moderate
CVE-2018-18307
was published
for
alchemy_cms
(RubyGems)
May 14, 2022
Cross-site Scripting in Apache Struts
Moderate
CVE-2015-5169
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2134
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Cross-site Scripting in Apache Struts
Moderate
CVE-2016-4003
was published
for
org.apache.struts:struts2-core
(Maven)
May 14, 2022
Arbitrary code execution in Apache Struts 2
High
CVE-2013-2135
was published
for
org.apache.struts.xwork:xwork-core
(Maven)
May 14, 2022
Mediawiki tarball is missing .htaccess files
Moderate
CVE-2018-13258
was published
for
mediawiki/core
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API