
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,128 advisories

phpMyAdmin DoS Vulnerability High
CVE-2016-9863 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin Cookie attribute injection attack High
CVE-2017-1000016 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Improper Input Validation in Apache Axis2 High
CVE-2010-1632 was published for org.apache.axis2.wso2:axis2 (Maven) May 17, 2022
Apache Struts Open Redirect High
CVE-2016-4433 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
Credited to sunSUNQ
Apache Struts vulnerable to possible DoS attack when using URLValidator Moderate
CVE-2016-4465 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
Credited to sunSUNQ
Apache Struts Access Control Redirect High
CVE-2016-4431 was published for org.apache.struts:struts-parent (Maven) May 17, 2022
Improper Input Validation in Apache Commons Email High
CVE-2017-9801 was published for org.apache.commons:commons-email (Maven) May 17, 2022
Improper Input Validation in OpenSymphony XWork Moderate
CVE-2008-6504 was published for com.opensymphony:xwork (Maven) May 17, 2022
FormEncode Access Restrictions Bypass High
CVE-2008-6547 was published for FormEncode (pip) May 17, 2022
phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file Moderate
CVE-2011-0986 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
TYPO3 Path Traversal vulnerability Moderate
CVE-2010-5099 was published for typo3/cms (Composer) May 17, 2022
OpenStack Compute (Nova) Improper Input Validation Moderate
CVE-2012-2654 was published for nova (pip) May 17, 2022
Improper Input Validation in Apache Axis2 Moderate
CVE-2012-5785 was published for org.apache.axis2:axis2 (Maven) May 17, 2022
Improper Input Validation in XFire High
CVE-2012-5817 was published for org.codehaus.xfire:xfire-core (Maven) May 17, 2022
Tweepy does not verify SSL Certificate Moderate
CVE-2012-5825 was published for tweepy (pip) May 17, 2022
Improper Input Validation in Apache POI Moderate
CVE-2014-3574 was published for org.apache.poi:poi (Maven) May 17, 2022
Credited to MarkLee131
Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users Moderate
CVE-2011-1475 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
GeniXCMS denial of service (account blockage) Moderate
CVE-2017-14231 was published for genix/cms (Composer) May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
Credited to sunSUNQ
Plone Header Injection High
CVE-2015-7318 was published for Plone (pip) May 17, 2022
Improper Input Validation in Apache Batik Moderate
CVE-2015-0250 was published for org.apache.xmlgraphics:batik (Maven) May 17, 2022
Denial of service in Apache Tomcat Moderate
CVE-2014-0095 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 17, 2022
Credited to q5438722 and sunSUNQ
SaltStack Salt Denial of Service via a crafted authentication request High
CVE-2017-14696 was published for salt (pip) May 17, 2022
tar-split memory exhaustion Moderate
CVE-2017-14992 was published for github.com/vbatts/tar-split (Go) May 17, 2022
Improper Input Validation in Microsoft.NETCore.App High
CVE-2017-8585 was published for Microsoft.NETCore.App (NuGet) May 17, 2022