GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
18,937 advisories
OpenStack Compute (Nova)'s VMWare driver vulnerable to denial of service
Severity: Moderate. CVE-2014-3608 was published for nova (pip) on May 14, 2022.

OpenStack Nova host data access through resize/migration
Severity: Moderate. CVE-2016-2140 was published for nova (pip) on May 14, 2022.

OpenStack Oslo utility sensitive information exposure via log files
Severity: Low. CVE-2014-7231 was published for oslo.utils (pip) on May 14, 2022.

Coaster CMS Stored Cross-site Scripting vulnerability
Severity: Moderate. CVE-2018-17876 was published for web-feet/coastercms (Composer) on May 14, 2022.

Elefant CMS Code Execution Vulnerability
Severity: Critical. CVE-2018-16974 was published for elefant/cms (Composer) on May 14, 2022.

ThinkPHP SQL injection vulnerability
Severity: Critical. CVE-2018-17566 was published for topthink/framework (Composer) on May 14, 2022.

QuickAppsCMS Cross-Site Request Forgery (CSRF)
Severity: High. CVE-2018-17102 was published for quickapps/cms (Composer) on May 14, 2022.

AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
Severity: Moderate. CVE-2018-18307 was published for alchemy_cms (RubyGems) on May 14, 2022.

Arbitrary code execution in Apache Struts 2
Severity: High. CVE-2013-2134 was published for org.apache.struts.xwork:xwork-core (Maven) on May 14, 2022.

Cross-site Scripting in Apache Struts
Severity: Moderate. CVE-2015-5169 was published for org.apache.struts:struts2-core (Maven) on May 14, 2022.

Arbitrary code execution in Apache Struts 2
Severity: High. CVE-2013-2135 was published for org.apache.struts.xwork:xwork-core (Maven) on May 14, 2022.

Cross-site Scripting in Apache Struts
Severity: Moderate. CVE-2016-4003 was published for org.apache.struts:struts2-core (Maven) on May 14, 2022.

Mediawiki tarball is missing .htaccess files
Severity: Moderate. CVE-2018-13258 was published for mediawiki/core (Composer) on May 14, 2022.

Apache Solr insecure inter-node communication
Severity: High. CVE-2017-7660 was published for org.apache.solr:solr-core (Maven) on May 14, 2022.

Open Chinese Convert subject to Denial of Service via Out-of-bounds Read
Severity: Moderate. CVE-2018-16982 was published for OpenCC (npm) on May 14, 2022.

RubyGems Path Traversal vulnerability
Severity: Moderate. CVE-2018-1000079 was published for org.jruby:jruby-stdlib (RubyGems) on May 14, 2022.

Zenario CMS vulnerable to CSRF
Severity: High. CVE-2018-18420 was published for tribalsystems/zenario (Composer) on May 14, 2022.

ThinkPHP SQLi Vulnerability
Severity: Critical. CVE-2018-18530 was published for topthink/framework (Composer) on May 14, 2022.

ThinkPHP SQLi Vulnerability
Severity: Critical. CVE-2018-18529 was published for topthink/framework (Composer) on May 14, 2022.

LibreNMS XSS Vulnerability
Severity: Moderate. CVE-2018-18478 was published for librenms/librenms (Composer) on May 14, 2022.

ThinkPHP SQLi Vulnerability
Severity: Critical. CVE-2018-18546 was published for topthink/framework (Composer) on May 14, 2022.

Apache XML-RPC vulnerable to Deserialization of Untrusted Data
Severity: Critical. CVE-2016-5003 was published for org.apache.xmlrpc:xmlrpc (Maven) on May 14, 2022.

Apache XML-RPC XXE Vulnerability
Severity: High. CVE-2016-5002 was published for org.apache.xmlrpc:xmlrpc (Maven) on May 14, 2022.

Ajenti Cross-site Scripting Via Filename
Severity: Moderate. CVE-2018-18548 was published for ajenti (pip) on May 14, 2022.

SabreDAV Directory Traversal vulnerability
Severity: Moderate. CVE-2013-1939 was published for sabre/dav (Composer) on May 14, 2022.

ProTip! Advisories are also available from the GraphQL API.