GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
18,873 advisories
Roundup sensitive data disclosure vulnerability
Moderate
CVE-2014-6276 was published for roundup (pip) on May 17, 2022

Drupal Open redirect vulnerability in the drupal_goto function
High
CVE-2016-3167 was published for drupal/core (Composer) on May 17, 2022

Apache Ranger Access Restriction Bypass
High
CVE-2016-0735 was published for org.apache.ranger:ranger (Maven) on May 17, 2022

OpenStack TripleO Heat templates spoof metadata requests
High
CVE-2015-5303 was published for tripleo-heat-templates (pip) on May 17, 2022

Drupal Brute force amplification attacks via XML-RPC
High
CVE-2016-3163 was published for drupal/core (Composer) on May 17, 2022

Drupal sensitive information disclosure
Moderate
CVE-2016-3170 was published for drupal/core (Composer) on May 17, 2022

Drupal Reflected file download vulnerability
Moderate
CVE-2016-3168 was published for drupal/core (Composer) on May 17, 2022

Drupal saving user accounts can sometimes grant the user all roles
High
CVE-2016-3169 was published for drupal/core (Composer) on May 17, 2022

Drupal Form API ignores access restrictions on submit buttons
High
CVE-2016-3165 was published for drupal/core (Composer) on May 17, 2022

Drupal CRLF injection vulnerability in the drupal_set_header function
Moderate
CVE-2016-3166 was published for drupal/core (Composer) on May 17, 2022

phpMyAdmin cross-site scripting Vulnerability via ENUM value
Low
CVE-2014-7217 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

Improper Neutralization of Input During Web Page Generation in Apache Solr
Moderate
CVE-2015-8797 was published for org.apache.solr:solr-core (Maven) on May 17, 2022

Improper Neutralization of Input During Web Page Generation in Apache Solr
Moderate
CVE-2015-8795 was published for org.apache.solr:solr-core (Maven) on May 17, 2022

Dolibarr ERP and CRM contain XSS Vulnerabilities
Moderate
CVE-2016-1912 was published for dolibarr/dolibarr (Composer) on May 17, 2022

Joomla! Framework Remote Code Injection Vulnerability
High
CVE-2015-8566 was published for joomla/session (Composer) on May 17, 2022

Insecure Temporary File in Jinja2
Moderate
CVE-2014-0012 was published for Jinja2 (pip) on May 17, 2022

Plone denial of service via Caching Bypass
Moderate
CVE-2012-5498 was published for plone (pip) on May 17, 2022

Cross-site Scripting in SmartyException
Moderate
CVE-2012-4437 was published for smarty/smarty (Composer) on May 17, 2022

OpenStack Identity (Keystone) DoS through V3 API authentication chaining
High
CVE-2014-2828 was published for keystone (pip) on May 17, 2022

Apache Ambari Open Redirect
Moderate
CVE-2015-5210 was published for org.apache.ambari:ambari (Maven) on May 17, 2022

Apache Ambari SSRF Vulnerability
Moderate
CVE-2015-1775 was published for org.apache.ambari:ambari (Maven) on May 17, 2022

OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
Moderate
CVE-2015-5251 was published for glance (pip) on May 17, 2022

Improper Limitation of a Pathname to a Restricted Directory in Apache Solr
Moderate
CVE-2013-6397 was published for org.apache.solr:solr-core (Maven) on May 17, 2022

ProTip! Advisories are also available from the GraphQL API.