GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

20,093 advisories

python-keystoneclient missing expiration check in PKI token validation Moderate
CVE-2013-2104 was published for python-keystoneclient (pip) May 17, 2022
EC-CUBE vulnerable to authorization bypass Moderate
CVE-2014-0808 was published for ec-cube/ec-cube (Composer) May 17, 2022
Django Denial of Service Vulnerability in the authentication framework High
CVE-2013-1443 was published for Django (pip) May 17, 2022
Code injection via property expansion in SoapUI High
CVE-2014-1202 was published for com.smartbear.soapui:soapui (Maven) May 17, 2022
Python Swift client is vulnerable to Missing SSL Certificate Check Moderate
CVE-2013-6396 was published for python-swiftclient (pip) May 17, 2022
CiviCRM SQL injection vulnerability via Quick Search API Moderate
CVE-2013-4662 was published for civicrm/civicrm-core (Composer) May 17, 2022
OpenStack Identity Keystone Privilege Escalation vulnerability Low
CVE-2013-4477 was published for keystone (pip) May 17, 2022
Improper Restriction of XML External Entity Reference in Apache Solr High
CVE-2012-6612 was published for org.apache.solr:solr-core (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JGroup Moderate
CVE-2013-4112 was published for org.jgroups:jgroups (Maven) May 17, 2022
OpenStack Nova Router metadata queries are not restricted by tenant Moderate
CVE-2013-6419 was published for nova (pip) May 17, 2022
OpenStack Glance sensitive information disclosure via logs Low
CVE-2014-1948 was published for glance (pip) May 17, 2022
OpenStack Swift Discloses Secret URLs to Timing Attack Moderate
CVE-2014-0006 was published for swift (pip) May 17, 2022
Plone Privilege escalation due improper authorization Moderate
CVE-2013-4189 was published for Plone (pip) May 17, 2022
Plone Authenticated Denial of Service vulnerability Moderate
CVE-2013-4188 was published for plone (pip) May 17, 2022
Plone's authenticated users able to alter their password despite of policy definition Moderate
CVE-2013-4198 was published for Plone (pip) May 17, 2022
Plone is vulnerable to email spoofing Moderate
CVE-2013-4192 was published for plone (pip) May 17, 2022
Plone Denial of Service vulnerability via decompressing large zip archives Low
CVE-2013-4199 was published for plone (pip) May 17, 2022
Plone is vulnerable to File System Path Exposure Low
CVE-2013-4194 was published for plone (pip) May 17, 2022
Plone is vulnerable to information exposure via the object manager implementation Moderate
CVE-2013-4196 was published for plone (pip) May 17, 2022
Plone is vulnerable to Information Exposure when generating zip archives Moderate
CVE-2013-4191 was published for plone (pip) May 17, 2022
Plone Multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2013-4190 was published for plone (pip) May 17, 2022
Plone Multiple open redirect vulnerabilities Moderate
CVE-2013-4195 was published for plone (pip) May 17, 2022
DotNetNuke (DNN) Open redirect vulnerability Moderate
CVE-2013-7335 was published for DotNetNuke.Core (NuGet) May 17, 2022
Plone Unrestricted Filed Manipulation vulnerability via content edit forms Moderate
CVE-2013-4193 was published for plone (pip) May 17, 2022
Plone Improper Access Control Vulnerability High
CVE-2013-4197 was published for plone (pip) May 17, 2022