GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,727
Erlang: 29
GitHub Actions: 16
Go: 1,709
Maven: 4,946
npm: 3,474
NuGet: 605
pip: 3,000
Pub: 10
RubyGems: 828
Rust: 773
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
18,930 advisories
i18n Vulnerable to Denial of Service Attack
High: CVE-2014-10077 was published for i18n (RubyGems), May 14, 2022

LFI in PHP-Proxy 5.1.0
High: CVE-2018-19246 was published for athlon1600/php-proxy (Composer), May 14, 2022

FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability
Critical: CVE-2018-9209 was published for fineuploader/php-traditional-server (Composer), May 14, 2022

Unauthenticated File Read in PHP Proxy
High: CVE-2018-19458 was published for athlon1600/php-proxy-app (Composer), May 14, 2022

Jenkins Cross-site Scripting vulnerability
Moderate: CVE-2014-3681 was published for org.jenkins-ci.main:jenkins-core (Maven), May 14, 2022

python-kerberos vulnerable to KDC spoofing attacks
High: CVE-2015-3206 was published for kerberos (pip), May 14, 2022

Showdoc Forced Browsing
Moderate: CVE-2018-19609 was published for showdoc/showdoc (Composer), May 14, 2022

Showdoc CSRF Vulnerability
Moderate: CVE-2018-19621 was published for showdoc/showdoc (Composer), May 14, 2022

XSS in PHP-Proxy-App through v3.0
Moderate: CVE-2018-19785 was published for athlon1600/php-proxy-app (Composer), May 14, 2022

Asset Pipeline plugin for Grails vulnerable to Path Traversal
High: CVE-2018-17605 was published for org.grails.plugins:asset-pipeline (Maven), May 14, 2022

Umbraco CMS vulnerable to stored XSS
Moderate: CVE-2018-17256 was published for umbraco (NuGet), May 14, 2022

Flarum Core Leaks PII
Moderate: CVE-2018-19133 was published for flarum/framework (Composer), May 14, 2022

Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
Moderate: CVE-2018-19413 was published for org.sonarsource.sonarqube:sonar-plugin-api (Maven), May 14, 2022

Bolt Cross-site Scripting (XSS) via text input click preview button
Moderate: CVE-2018-19933 was published for bolt/bolt (Composer), May 14, 2022

RDF4J vulnerable to zip slip
High: CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven), May 14, 2022

Dolibarr stored cross-site scripting (XSS) vulnerability
Moderate: CVE-2018-19995 was published for dolibarr/dolibarr (Composer), May 14, 2022

Dolibarr reflected cross-site scripting (XSS) vulnerability
Moderate: CVE-2018-19993 was published for dolibarr/dolibarr (Composer), May 14, 2022

Dolibarr stored cross-site scripting (XSS) vulnerability
Moderate: CVE-2018-19992 was published for dolibarr/dolibarr (Composer), May 14, 2022

CSRF in PHP Server Monitor before 3.3.2
Moderate: CVE-2018-18921 was published for phpservermon/phpservermon (Composer), May 14, 2022

Grafana XSS Vulnerability
Moderate: CVE-2018-1000816 was published for github.com/grafana/grafana (Go), May 14, 2022

Improper Input Validation in Apache Karaf
Moderate: CVE-2014-0219 was published for org.apache.karaf:apache-karaf (Maven), May 14, 2022

Dolibarr error-based SQL injection vulnerability in product/card.php
High: CVE-2018-19994 was published for dolibarr/dolibarr (Composer), May 14, 2022

Dolibarr SQL injection vulnerability in user/card.php
High: CVE-2018-19998 was published for dolibarr/dolibarr (Composer), May 14, 2022

Denial of service in ASP.NET Core
High: CVE-2019-0564 was published for Microsoft.AspNetCore.All (NuGet), May 14, 2022

Exposure of Sensitive Information in System.Net.Http
High: CVE-2019-0545 was published for Microsoft.NETCore.App (NuGet), May 14, 2022

ProTip! Advisories are also available from the GraphQL API.