
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18,873 advisories

OpenStack Keystone Improper Authentication vulnerability High
CVE-2012-4456 was published for keystone (pip) May 14, 2022
Smarty Path Traversal Vulnerability Moderate
CVE-2018-16831 was published for smarty/smarty (Composer) May 14, 2022
OpenStack Compute (Nova) allows remote authenticated users to obtain sensitive information Moderate
CVE-2013-2256 was published for nova (pip) May 14, 2022
OpenStack Nova DoS through ephemeral disk backing files Moderate
CVE-2013-6437 was published for nova (pip) May 14, 2022
OpenStack Nova instance migration process does not stop when instance is deleted Moderate
CVE-2015-3241 was published for nova (pip) May 14, 2022
OpenStack Nova live snapshots use an insecure local directory Low
CVE-2013-7048 was published for nova (pip) May 14, 2022
OpenStack Nova Potential Xen connection password leak via StorageError Moderate
CVE-2015-8749 was published for nova (pip) May 14, 2022
OpenStack Cinder Denial of Service using XML entities Moderate
CVE-2013-4202 was published for cinder (pip) May 14, 2022
OpenStack Compute (Nova) Denial of Service vulnerability Moderate
CVE-2014-3708 was published for nova (pip) May 14, 2022
OpenStack Compute (nova) allows remote authenticated users to cause a denial of service Moderate
CVE-2015-3280 was published for nova (pip) May 14, 2022
OpenStack Compute (Nova) allows remote attackers to bypass intended restriction Moderate
CVE-2015-7713 was published for nova (pip) May 14, 2022
OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity Moderate
CVE-2015-0259 was published for nova (pip) May 14, 2022
OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service Moderate
CVE-2014-3608 was published for nova (pip) May 14, 2022
OpenStack Nova host data access through resize/migration Moderate
CVE-2016-2140 was published for nova (pip) May 14, 2022
OpenStack Oslo utility sensitive information exposure via log files Low
CVE-2014-7231 was published for oslo.utils (pip) May 14, 2022
Coaster CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2018-17876 was published for web-feet/coastercms (Composer) May 14, 2022
Elefant CMS Code Execution Vulnerability Critical
CVE-2018-16974 was published for elefant/cms (Composer) May 14, 2022
ThinkPHP SQL injection vulnerability Critical
CVE-2018-17566 was published for topthink/framework (Composer) May 14, 2022
QuickAppsCMS Cross-Site Request Forgery (CSRF) High
CVE-2018-17102 was published for quickapps/cms (Composer) May 14, 2022
AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field Moderate
CVE-2018-18307 was published for alchemy_cms (RubyGems) May 14, 2022
Cross-site Scripting in Apache Struts Moderate
CVE-2015-5169 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Arbitrary code execution in Apache Struts 2 High
CVE-2013-2134 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
Cross-site Scripting in Apache Struts Moderate
CVE-2016-4003 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Arbitrary code execution in Apache Struts 2 High
CVE-2013-2135 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
Mediawiki tarball is missing .htaccess files Moderate
CVE-2018-13258 was published for mediawiki/core (Composer) May 14, 2022