GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,444
Erlang: 29
GitHub Actions: 16
Go: 1,668
Maven: 4,928
npm: 3,458
NuGet: 595
pip: 2,876
Pub: 10
RubyGems: 823
Rust: 766
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,431 advisories
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java (Low)
CVE-2017-3589 was published for mysql:mysql-connector-java (Maven) May 13, 2022

Improper Access Control in MySQL Connectors Java (High)
CVE-2017-3523 was published for mysql:mysql-connector-java (Maven) May 13, 2022

phpMyAdmin Improper Privilege Management (Critical)
CVE-2017-18264 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022

LibreNMS Arbitrary File Read (Moderate)
CVE-2017-16759 was published for librenms/librenms (Composer) May 13, 2022

Unsafe pyyaml load usage in PyAnyAPI (Critical)
CVE-2017-16616 was published for pyanyapi (pip) May 13, 2022

Symfony CSRF Vulnerability (Moderate)
CVE-2017-16653 was published for symfony/security (Composer) May 13, 2022

Borg Improper Access Control vulnerability (High)
CVE-2017-15914 was published for borgbackup (pip) May 13, 2022

TeamPass Improper Privilege Management (Moderate)
CVE-2017-15053 was published for nilsteampassnet/teampass (Composer) May 13, 2022

TeamPass Improper Privilege Management (High)
CVE-2017-15055 was published for nilsteampassnet/teampass (Composer) May 13, 2022

TeamPass Improper Privilege Management (Moderate)
CVE-2017-15052 was published for nilsteampassnet/teampass (Composer) May 13, 2022

GeniXCMS arbitrary PHP code execution (High)
CVE-2017-14763 was published for genix/cms (Composer) May 13, 2022

ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload (High)
CVE-2017-13763 was published for org.onosproject:onos-base (Maven) May 13, 2022

Nimbus JOSE+JWT vulnerable to padding oracle attack (Low)
CVE-2017-12973 was published for com.nimbusds:nimbus-jose-jwt (Maven) May 13, 2022

SimpleSAMLphp Invalid token creation and validation (Moderate)
CVE-2017-12867 was published for simplesamlphp/simplesamlphp (Composer) May 13, 2022

Openstack tripleo-heat-templates unauthenticated file access (Moderate)
CVE-2017-12155 was published for tripleo-heat-templates (pip) May 13, 2022

Denial of service in ASP.NET Core (High)
CVE-2017-11883 was published for Microsoft.AspNetCore.Server.HttpSys (NuGet) May 13, 2022

ChakraCore vulnerable to privilege escalation (Critical)
CVE-2017-11767 was published for Microsoft.ChakraCore (NuGet) May 13, 2022

Incorrect Default Permissions in Supervisor (High)
CVE-2017-11610 was published for supervisor (pip) May 13, 2022

PyJWT vulnerable to key confusion attacks (High)
CVE-2017-11424 was published for pyjwt (pip) May 13, 2022

Codiad Vulnerable to Shell Command Injection (Critical)
CVE-2017-11366 was published for codiad/codiad (Composer) May 13, 2022

Contao Core directory traversal vulnerability (High)
CVE-2017-10993 was published for contao/contao (Composer) May 13, 2022

Arbitrary file delete in baserCMS (High)
CVE-2017-10843 was published for baserproject/basercms (Composer) May 13, 2022

Tarball permission preservation in puppet (Moderate)
CVE-2017-10689 was published for puppet (RubyGems) May 13, 2022
ProTip! Advisories are also available from the GraphQL API.