GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,873 advisories
Apache Solr insecure inter-node communication (High): CVE-2017-7660 was published for org.apache.solr:solr-core (Maven), May 14, 2022
Open Chinese Convert subject to Denial of Service via Out-of-bounds Read (Moderate): CVE-2018-16982 was published for OpenCC (npm), May 14, 2022
RubyGems Path Traversal vulnerability (Moderate): CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems), May 14, 2022
Zenario CMS vulnerable to CSRF (High): CVE-2018-18420 was published for tribalsystems/zenario (Composer), May 14, 2022
ThinkPHP SQLi Vulnerability (Critical): CVE-2018-18530 was published for topthink/framework (Composer), May 14, 2022
ThinkPHP SQLi Vulnerability (Critical): CVE-2018-18529 was published for topthink/framework (Composer), May 14, 2022
LibreNMS XSS Vulnerability (Moderate): CVE-2018-18478 was published for librenms/librenms (Composer), May 14, 2022
ThinkPHP SQLi Vulnerability (Critical): CVE-2018-18546 was published for topthink/framework (Composer), May 14, 2022
Apache XML-RPC vulnerable to Deserialization of Untrusted Data (Critical): CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven), May 14, 2022
Apache XML-RPC XXE Vulnerability (High): CVE-2016-5002 was published for org.apache.xmlrpc:xmlrpc (Maven), May 14, 2022
Ajenti Cross-site Scripting Via Filename (Moderate): CVE-2018-18548 was published for ajenti (pip), May 14, 2022
SabreDAV Directory Traversal vulnerability (Moderate): CVE-2013-1939 was published for sabre/dav (Composer), May 14, 2022
Jenkins vulnerable to Cross-site Scripting (Moderate): CVE-2013-2033 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022
httplib2 incorrectly checks SSL certificate (Low): CVE-2013-2037 was published for httplib2 (pip), May 14, 2022
Apache Struts Code injection due to conversion error (High): CVE-2012-0838 was published for org.apache.struts.xwork:xwork-core (Maven), May 14, 2022
XSS in baserCMS before 4.1.4 (Moderate): CVE-2018-18943 was published for baserproject/basercms (Composer), May 14, 2022
Improper Input Validation in Apache Spark (High): CVE-2018-11804 was published for org.apache.spark:spark-core (Maven), May 14, 2022
karo Metacharacter Handling Remote Command Execution (Critical): CVE-2014-10075 was published for karo (RubyGems), May 14, 2022
Mercurial Out-of-bounds Read vulnerability (Critical): CVE-2018-17983 was published for mercurial (pip), May 14, 2022
i18n Vulnerable to Denial of Service Attack (High): CVE-2014-10077 was published for i18n (RubyGems), May 14, 2022
LFI in PHP-Proxy 5.1.0 (High): CVE-2018-19246 was published for athlon1600/php-proxy (Composer), May 14, 2022
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability (Critical): CVE-2018-9209 was published for fineuploader/php-traditional-server (Composer), May 14, 2022
Unauthenticated File Read in PHP Proxy (High): CVE-2018-19458 was published for athlon1600/php-proxy-app (Composer), May 14, 2022
Jenkins Cross-site Scripting vulnerability (Moderate): CVE-2014-3681 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022
python-kerberos vulnerable to KDC spoofing attacks (High): CVE-2015-3206 was published for kerberos (pip), May 14, 2022
ProTip! Advisories are also available from the GraphQL API.