GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
20,093 advisories
OpenStack Nova Arbitrary file injection/corruption through directory traversal issues
Moderate | CVE-2012-3361 was published for nova (pip) | May 17, 2022

phpMyAdmin Multiple XSS Vulnerabilities
Low | CVE-2012-4579 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022

OpenStack Nova Scheduler denial of service through scheduler_hints
Low | CVE-2012-3371 was published for Nova (pip) | May 17, 2022

Elixir can leak information due to weak use of crypto
Moderate | CVE-2012-2146 was published for Elixir (pip) | May 17, 2022

Tornado CRLF injection vulnerability
Moderate | CVE-2012-2374 was published for tornado (pip) | May 17, 2022

Typo3 Backend XSS Vulnerabilities
Low | CVE-2012-1606 was published for typo3/cms (Composer) | May 17, 2022

Typo3 API XSS Vulnerabilities
Moderate | CVE-2012-1608 was published for typo3/cms (Composer) | May 17, 2022

Typo3 Extbase Framework Unsafe Deserialization
Moderate | CVE-2012-1605 was published for typo3/cms (Composer) | May 17, 2022

OpenStack Keystone token expiration issues
Moderate | CVE-2012-3426 was published for Keystone (pip) | May 17, 2022

OpenStack Keystone Allows Remote User Account Creation
High | CVE-2012-3542 was published for keystone (pip) | May 17, 2022

Beaker Sensitive Information Disclosure vulnerability
Moderate | CVE-2012-3458 was published for beaker (pip) | May 17, 2022

Silverstripe XSS Vulnerabilities
Moderate | CVE-2012-4968 was published for silverstripe/framework (Composer) | May 17, 2022

Silverstripe CMS Arbitrary Code Execution
Moderate | CVE-2011-4962 was published for silverstripe/cms (Composer) | May 17, 2022

Unescaped parameters in the PostgreSQL JDBC driver
High | CVE-2012-1618 was published for org.postgresql:postgresql (Maven) | May 17, 2022

Apache Libcloud vulnerable to certificate impersonation
Moderate | CVE-2012-3446 was published for apache-libcloud (pip) | May 17, 2022

Improper Access Control in JBoss mod_cluster
Moderate | CVE-2012-1154 was published for org.jboss.mod_cluster:mod_cluster (Maven) | May 17, 2022

Python Keyring does not securely initialize encryption cipher
Low | CVE-2012-4571 was published for keyring (pip) | May 17, 2022

Improper Control of Generation of Code in Spring Security
Moderate | CVE-2011-2732 was published for org.springframework.security:spring-security-core (Maven) | May 17, 2022

Symfony Access Control Vulnerability
Moderate | CVE-2012-6432 was published for symfony/symfony (Composer) | May 17, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Spring Security
Moderate | CVE-2012-5055 was published for org.springframework.security:spring-security-core (Maven) | May 17, 2022

MoinMoin Directory Traversal vulnerability
Moderate | CVE-2012-6080 was published for moin (pip) | May 17, 2022

MoinMoin Multiple vulnerable to directory traversal
Moderate | CVE-2012-6495 was published for Moin (pip) | May 17, 2022

Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Moderate | CVE-2012-6431 was published for symfony/http-foundation (Composer) | May 17, 2022

MoinMoin Cross-site scripting (XSS) vulnerability
Moderate | CVE-2012-6082 was published for moin (pip) | May 17, 2022

User confusion in IronJacamar
Moderate | CVE-2012-3428 was published for org.jboss.ironjacamar:ironjacamar-jdbc (Maven) | May 17, 2022

ProTip! Advisories are also available from the GraphQL API.