Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,128 advisories

Loading
Hostname verification in Apache HttpClient 4.3 was disabled by default Critical
CVE-2013-4366 was published for org.apache.httpcomponents:httpclient (Maven) May 13, 2022
briandealwis MarkLee131
Credited to briandealwis and MarkLee131
Mercurial Improper Input Validation vulnerability High
CVE-2018-13348 was published for mercurial (pip) May 13, 2022
Mercurial Improper Input Validation vulnerability High
CVE-2018-13346 was published for mercurial (pip) May 13, 2022
Improper Input Validation in Apache Tomcat High
CVE-2016-6816 was published for org.apache.tomcat:tomcat-coyote (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Code injection in Apache Struts Critical
CVE-2013-2251 was published for org.apache.struts:struts2-core (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Improper Input Validation in BeanShell High
CVE-2016-2510 was published for org.apache-extras.beanshell:bsh (Maven) May 13, 2022
Moodle XSS Vulnerability High
CVE-2018-10891 was published for moodle/moodle (Composer) May 13, 2022
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution High
CVE-2015-3649 was published for open-uri-cached (RubyGems) May 13, 2022
Moodle allows remote authenticated users to cause a denial of service (invalid database records) Moderate
CVE-2011-4291 was published for moodle/moodle (Composer) May 13, 2022
Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class Moderate
CVE-2013-2083 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle Arbitrary File Read via Backup Functionality Moderate
CVE-2012-6099 was published for moodle/moodle (Composer) May 13, 2022
Moodle allows attackers to trigger the generation of arbitrary messages Moderate
CVE-2014-9060 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Credited to MarkLee131
Moodle Incorrect sanitation of attributes in forums Moderate
CVE-2017-2576 was published for moodle/moodle (Composer) May 13, 2022
Improper Input Validation in pip High
CVE-2013-1629 was published for pip (pip) May 13, 2022
Codiad remote code execution vulnerability Critical
CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022
Improper Input Validation in Apache CXF High
CVE-2010-2076 was published for org.apache.cxf:cxf-rt-frontend-jaxrs (Maven) May 13, 2022
Remote web-service operation execution in Apache CXF High
CVE-2012-3451 was published for org.apache.cxf:cxf (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Improper Input Validation in Apache CXF Moderate
CVE-2014-0034 was published for org.apache.cxf:cxf-rt-ws-security (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Improper Input Validation in Apache CXF Moderate
CVE-2017-12624 was published for org.apache.cxf:cxf-core (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Improper Input Validation in Apache Hadoop High
CVE-2017-3162 was published for org.apache.hadoop:hadoop-client (Maven) May 13, 2022
Apache Qpid Python client Improper certificate validation High
CVE-2013-1909 was published for qpid-python (pip) May 13, 2022
Ansible Improper Input Validation vulnerability High
CVE-2018-10874 was published for ansible (pip) May 13, 2022
OpensStack Neutron Denial of Service Vulnerability High
CVE-2018-14635 was published for neutron (pip) May 13, 2022
Ansible Arbitrary Code Execution High
CVE-2017-7466 was published for ansible (pip) May 13, 2022
Improper Input Validation in Apache Santuario XML Security Moderate
CVE-2013-4517 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Credited to MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database