GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem: Composer 3,996; Erlang 29; GitHub Actions 16; Go 1,782; Maven 5,000+; npm 3,545; NuGet 620; pip 3,136; Pub 10; RubyGems 838; Rust 795; Swift 34
Unreviewed advisories (all unreviewed): 5,000+
19,583 advisories
Improper Input Validation in XFire - High - CVE-2012-5817 was published for org.codehaus.xfire:xfire-core (Maven) May 17, 2022
Tweepy does not verify SSL Certificate - Moderate - CVE-2012-5825 was published for tweepy (pip) May 17, 2022
Improper Authentication in Apache Tomcat - Moderate - CVE-2012-5886 was published for org.apache.tomcat:tomcat-catalina (Maven) May 17, 2022
Improper Authentication in Apache Tomcat - Moderate - CVE-2012-5887 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Roundup Cross-site Scripting (XSS) vulnerability - Moderate - CVE-2012-6132 was published for roundup (pip) May 17, 2022
Roundup Cross-site Scripting (XSS) vulnerability - Moderate - CVE-2012-6130 was published for roundup (pip) May 17, 2022
Roundup Cross-site scripting (XSS) vulnerability - Moderate - CVE-2012-6131 was published for roundup (pip) May 17, 2022
Typo3 Backend API XSS Vulnerability - Low - CVE-2012-6147 was published for typo3/cms (Composer) May 17, 2022
Typo3 Backend History Module Vulnerable to XSS - Low - CVE-2012-6145 was published for typo3/cms (Composer) May 17, 2022
Typo3 Backend History Module Vulnerable to SQL Injection - Moderate - CVE-2012-6144 was published for typo3/cms (Composer) May 17, 2022
Typo3 Function Menu API XSS Vulnerability - Low - CVE-2012-6148 was published for typo3/cms (Composer) May 17, 2022
Symfony Vulnerable to PHP Code Injection via YAML Parsing - High - CVE-2013-1348 was published for symfony/symfony (Composer) May 17, 2022
Symfony Arbitrary PHP code Execution - High - CVE-2013-1397 was published for symfony/symfony (Composer) May 17, 2022
OpenStack Compute (Nova) Denial of service via a large number of calls to the addFixedIp function - Moderate - CVE-2013-1838 was published for nova (pip) May 17, 2022
OpenStack Glance is vulnerable to Exposure of Sensitive Information - Low - CVE-2013-1840 was published for glance (pip) May 17, 2022
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ - Moderate - CVE-2013-1879 was published for org.apache.activemq:activemq-client (Maven) May 17, 2022
Karteek Docsplit vulnerable to OS Command Injection - High - CVE-2013-1933 was published for karteek-docsplit (RubyGems) May 17, 2022
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user - Moderate - CVE-2013-2059 was published for keystone (pip) May 17, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Sling - Moderate - CVE-2013-2254 was published for org.apache.sling:org.apache.sling.api (Maven) May 17, 2022
Django Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget - Moderate - CVE-2013-4249 was published for django (pip) May 17, 2022
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter - Moderate - CVE-2013-4649 was published for DotNetNuke.Core (NuGet) May 17, 2022
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component - Low - CVE-2013-7074 was published for typo3/cms (Composer) May 17, 2022
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework - Low - CVE-2013-7078 was published for typo3/cms-core (Composer) May 17, 2022
TYPO3 Flow Cross-site scripting (XSS) vulnerability - Moderate - CVE-2013-7082 was published for neos/flow (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API.