GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,128 advisories

Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin Moderate
CVE-2018-1000607 was published for org.jenkins-ci.plugins:fortify-cloudscan-jenkins-plugin (Maven) May 14, 2022
Improper Input Validation in Apache Jackrabbit Moderate
CVE-2015-1833 was published for org.apache.jackrabbit:jackrabbit-core (Maven) May 14, 2022
Credited to MarkLee131
Shopware RCE Vulnerability Critical
CVE-2016-3109 was published for shopware/shopware (Composer) May 14, 2022
Improper Input Validation in Apache Qpid AMQP 0-x JMS High
CVE-2016-4974 was published for org.apache.qpid:qpid-jms-client (Maven) May 14, 2022
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource Low
CVE-2018-1999037 was published for org.jenkins-ci.plugins:resource-disposer (Maven) May 14, 2022
Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler Moderate
CVE-2010-1587 was published for org.apache.activemq:activemq-web-console (Maven) May 14, 2022
Credited to sunSUNQ
Symfony SSRF Vulnerability via Form Component Moderate
CVE-2017-16790 was published for symfony/form (Composer) May 14, 2022
JBoss RESTEasy vulnerable to Improper Input Validation High
CVE-2016-9606 was published for org.jboss.resteasy:resteasy-bom (Maven) May 14, 2022
Symfony Host Header Injection High
CVE-2018-14774 was published for symfony/symfony (Composer) May 14, 2022
Elefant CMS Improper Input Validation Critical
CVE-2018-15601 was published for elefant/cms (Composer) May 14, 2022
OpenStack Neutron Improper Input Validation vulnerability Moderate
CVE-2015-3221 was published for neutron (pip) May 14, 2022
CakePHP allows remote attackers to spoof their IP High
CVE-2016-4793 was published for cakephp/cakephp (Composer) May 14, 2022
Credited to ravage84 and tdunlap607
Improper Input Validation in Bouncy Castle Moderate
CVE-2013-1624 was published for org.bouncycastle:bcprov-jdk15on (Maven) May 14, 2022
Jenkins affected by Open Redirect Vulnerability Low
CVE-2012-6073 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Jenkins allows HTTP Injection and Response Splitting Moderate
CVE-2012-6072 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
python-glanceclient vulnerable to SSL server spoofing due to unverified X.509 certificate High
CVE-2013-4111 was published for python-glanceclient (pip) May 14, 2022
python-bugzilla has improper validation of X.509 certificates High
CVE-2013-2191 was published for python-bugzilla (pip) May 14, 2022
Django Allows Open Redirects High
CVE-2014-3730 was published for Django (pip) May 14, 2022
Django Incorrectly Validates URLs High
CVE-2014-0480 was published for Django (pip) May 14, 2022
Mercurial arbitrary code execution via a crafted git ext:: URL High
CVE-2016-3068 was published for mercurial (pip) May 14, 2022
Mercurial vulnerable to arbitrary command execution via a crafted repository name in a clone command Critical
CVE-2014-9462 was published for mercurial (pip) May 14, 2022
Pillow denial of service via PNG bomb High
CVE-2014-9601 was published for pillow (pip) May 14, 2022
Pillow denial of service via Crafted Block Size High
CVE-2014-3589 was published for pillow (pip) May 14, 2022
Ansible Arbitrary Code Execution High
CVE-2014-3498 was published for ansible (pip) May 14, 2022