GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18,930 advisories

i18n Vulnerable to Denial of Service Attack High
CVE-2014-10077 was published for i18n (RubyGems) May 14, 2022
jhutchings1
LFI in PHP-Proxy 5.1.0 High
CVE-2018-19246 was published for athlon1600/php-proxy (Composer) May 14, 2022
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability Critical
CVE-2018-9209 was published for fineuploader/php-traditional-server (Composer) May 14, 2022
Unauthenticated File Read in PHP Proxy High
CVE-2018-19458 was published for athlon1600/php-proxy-app (Composer) May 14, 2022
Jenkins Cross-site Scripting vulnerability Moderate
CVE-2014-3681 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
python-kerberos vulnerable to KDC spoofing attacks High
CVE-2015-3206 was published for kerberos (pip) May 14, 2022
Showdoc Forced Browsing Moderate
CVE-2018-19609 was published for showdoc/showdoc (Composer) May 14, 2022
Showdoc CSRF Vulnerability Moderate
CVE-2018-19621 was published for showdoc/showdoc (Composer) May 14, 2022
XSS in PHP-Proxy-App through v3.0 Moderate
CVE-2018-19785 was published for athlon1600/php-proxy-app (Composer) May 14, 2022
Asset Pipeline plugin for Grails vulnerable to Path Traversal High
CVE-2018-17605 was published for org.grails.plugins:asset-pipeline (Maven) May 14, 2022
Umbraco CMS vulnerable to stored XSS Moderate
CVE-2018-17256 was published for umbraco (NuGet) May 14, 2022
Flarum Core Leaks PII Moderate
CVE-2018-19133 was published for flarum/framework (Composer) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API Moderate
CVE-2018-19413 was published for org.sonarsource.sonarqube:sonar-plugin-api (Maven) May 14, 2022
MarkLee131
Bolt Cross-site Scripting (XSS) via text input click preview button Moderate
CVE-2018-19933 was published for bolt/bolt (Composer) May 14, 2022
RDF4J vulnerable to zip slip High
CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) May 14, 2022
MarkLee131
Dolibarr stored cross-site scripting (XSS) vulnerability Moderate
CVE-2018-19995 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2018-19993 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr stored cross-site scripting (XSS) vulnerability Moderate
CVE-2018-19992 was published for dolibarr/dolibarr (Composer) May 14, 2022
CSRF in PHP Server Monitor before 3.3.2 Moderate
CVE-2018-18921 was published for phpservermon/phpservermon (Composer) May 14, 2022
Grafana XSS Vulnerability Moderate
CVE-2018-1000816 was published for github.com/grafana/grafana (Go) May 14, 2022
Improper Input Validation in Apache Karaf Moderate
CVE-2014-0219 was published for org.apache.karaf:apache-karaf (Maven) May 14, 2022
Dolibarr error-based SQL injection vulnerability in product/card.php High
CVE-2018-19994 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in user/card.php High
CVE-2018-19998 was published for dolibarr/dolibarr (Composer) May 14, 2022
Denial of service in ASP.NET Core High
CVE-2019-0564 was published for Microsoft.AspNetCore.All (NuGet) May 14, 2022
Exposure of Sensitive Information in System.Net.Http High
CVE-2019-0545 was published for Microsoft.NETCore.App (NuGet) May 14, 2022