GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,629 advisories

Incorrect Default Permissions in Apache Commons FileUpload Low
CVE-2013-0248 was published for commons-fileupload:commons-fileupload (Maven) May 5, 2022
Jenkins allows attackers to obtain the master cryptographic key Low
CVE-2013-0158 was published for org.jenkins-ci.main:jenkins-core (Maven) May 5, 2022
Credited to sunSUNQ
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2012-0324 was published for org.jenkins-ci.main:jenkins-core (Maven) May 4, 2022
Jenkins allows Cross-Site Scripting (XSS) Low
CVE-2012-0325 was published for org.jenkins-ci.main:jenkins-core (Maven) May 4, 2022
GoLismero symlink attack Low
CVE-2012-0054 was published for golismero (pip) May 4, 2022
Cross-site scripting in Apache ActiveMQ Low
CVE-2010-0684 was published for org.apache.activemq:activemq-parent (Maven) May 2, 2022
Credited to sunSUNQ and MarkLee131
Puppet arbitrary files overwrite via a symlink attack Low
CVE-2010-0156 was published for puppet (RubyGems) May 2, 2022
Commerce extension for TYPO3 vulnerable to Cross-site Scripting Low
CVE-2009-4963 was published for commerceteam/commerce (Composer) May 2, 2022
TYPO3 Direct Mail Extension Vulnerable to Cross-Site Scripting (XSS) Low
CVE-2009-4159 was published for directmailteam/direct-mail (Composer) May 2, 2022
TYPO3 Backend vulnerable to Cross-site Scripting Low
CVE-2009-3629 was published for typo3/cms-backend (Composer) May 2, 2022
Apache Tomcat information disclosure vulnerability Low
CVE-2008-4308 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
Alkacon OpenCMS XSS via searchfilter parameter in system/workplace/admin/workplace/sessions.jsp Low
CVE-2008-1753 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter Low
CVE-2008-1510 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon Open CMS XSS via Logfile Viewer Settings function Low
CVE-2008-1300 was published for org.opencms:opencms-core (Maven) May 1, 2022
Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp Low
CVE-2008-1045 was published for org.opencms:opencms-core (Maven) May 1, 2022
Apache Tomcat Path Traversal Vulnerability Low
CVE-2007-5461 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat vulnerable to Cross-site Scripting Low
CVE-2007-2450 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Credited to sunSUNQ and MarkLee131
Apache Tomcat XSS In Accept-Language Headers Low
CVE-2007-1358 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Alkacon OpenCms XSS via unsanitized message body Low
CVE-2006-3933 was published for org.opencms:opencms-core (Maven) May 1, 2022
Zope allows local users to read arbitrary files Low
CVE-2006-3458 was published for Zope2 (pip) May 1, 2022
Alkacon OpenCms XSS via query parameter in a search action Low
CVE-2006-2571 was published for org.opencms:opencms-core (Maven) May 1, 2022
Cross-site scripting in Apache Struts Low
CVE-2006-1548 was published for struts:struts (Maven) May 1, 2022
Alkacon OpenCms XSS via username during login Low
CVE-2005-4294 was published for org.opencms:opencms-core (Maven) May 1, 2022
Apache Tomcat AJP Connector Information Leak Low
CVE-2005-3164 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
ProTip! Advisories are also available from the GraphQL API