GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18,873 advisories

Apache Solr insecure inter-node communication High
CVE-2017-7660 was published for org.apache.solr:solr-core (Maven) May 14, 2022
Open Chinese Convert subject to Denial of Service via Out-of-bounds Read Moderate
CVE-2018-16982 was published for OpenCC (npm) May 14, 2022
richardfan0606 DanBeard
RubyGems Path Traversal vulnerability Moderate
CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) May 14, 2022
ThinkPHP SQLi Vulnerability Critical
CVE-2018-18530 was published for topthink/framework (Composer) May 14, 2022
ThinkPHP SQLi Vulnerability Critical
CVE-2018-18529 was published for topthink/framework (Composer) May 14, 2022
Zenario CMS vulnerable to CSRF High
CVE-2018-18420 was published for tribalsystems/zenario (Composer) May 14, 2022
LibreNMS XSS Vulnerability Moderate
CVE-2018-18478 was published for librenms/librenms (Composer) May 14, 2022
ThinkPHP SQLi Vulnerability Critical
CVE-2018-18546 was published for topthink/framework (Composer) May 14, 2022
Apache XML-RPC vulnerable to Deserialization of Untrusted Data Critical
CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
Apache XML-RPC XXE Vulnerability High
CVE-2016-5002 was published for org.apache.xmlrpc:xmlrpc (Maven) May 14, 2022
Ajenti Cross-site Scripting Via Filename Moderate
CVE-2018-18548 was published for ajenti (pip) May 14, 2022
SabreDAV Directory Traversal vulnerability Moderate
CVE-2013-1939 was published for sabre/dav (Composer) May 14, 2022
Jenkins vulnerable to Cross-site Scripting Moderate
CVE-2013-2033 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
httplib2 incorrectly checks SSL certificate Low
CVE-2013-2037 was published for httplib2 (pip) May 14, 2022
Apache Struts Code injection due to conversion error High
CVE-2012-0838 was published for org.apache.struts.xwork:xwork-core (Maven) May 14, 2022
sunSUNQ
XSS in baserCMS before 4.1.4 Moderate
CVE-2018-18943 was published for baserproject/basercms (Composer) May 14, 2022
Improper Input Validation in Apache Spark High
CVE-2018-11804 was published for org.apache.spark:spark-core (Maven) May 14, 2022
karo Metacharacter Handling Remote Command Execution Critical
CVE-2014-10075 was published for karo (RubyGems) May 14, 2022
jasnow
Mercurial Out-of-bounds Read vulnerability Critical
CVE-2018-17983 was published for mercurial (pip) May 14, 2022
i18n Vulnerable to Denial of Service Attack High
CVE-2014-10077 was published for i18n (RubyGems) May 14, 2022
jhutchings1
LFI in PHP-Proxy 5.1.0 High
CVE-2018-19246 was published for athlon1600/php-proxy (Composer) May 14, 2022
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability Critical
CVE-2018-9209 was published for fineuploader/php-traditional-server (Composer) May 14, 2022
Unauthenticated File Read in PHP Proxy High
CVE-2018-19458 was published for athlon1600/php-proxy-app (Composer) May 14, 2022
Jenkins Cross-site Scripting vulnerability Moderate
CVE-2014-3681 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
python-kerberos vulnerable to KDC spoofing attacks High
CVE-2015-3206 was published for kerberos (pip) May 14, 2022