GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

238 advisories

TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers High
CVE-2015-5271 was published for tripleo-heat-templates (pip) May 17, 2022
Django Reuses Cached CSRF Token High
CVE-2014-0473 was published for Django (pip) May 17, 2022
Apache Geode information disclosure vulnerability High
CVE-2017-5649 was published for org.apache.geode:geode-core (Maven) May 17, 2022
SaltStack Salt Information Exposure High
CVE-2017-8109 was published for salt (pip) May 17, 2022
Apache OpenMeetings displays Tomcat version and detailed error stack trace High
CVE-2017-7683 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java High
CVE-2016-8741 was published for org.apache.qpid:qpid-broker (Maven) May 17, 2022
The Undertow module of WildFly allows source code disclosure High
CVE-2015-3198 was published for org.wildfly:wildfly-parent (Maven) May 17, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage High
CVE-2013-7130 was published for nova (pip) May 17, 2022
Apache Atlas produces Stack trace in error response High
CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure High
CVE-2017-14240 was published for dolibarr/dolibarr (Composer) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API High
CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven) May 17, 2022
ChakraCore RCE Vulnerability High
CVE-2017-11801 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
ChakraCore RCE Vulnerability High
CVE-2017-11797 was published for Microsoft.ChakraCore (NuGet) May 17, 2022
Apache MyFaces Vulnerable to EL Injection High
CVE-2011-4343 was published for org.apache.myfaces.core:myfaces-core-module (Maven) May 17, 2022
Jenkins Pipeline: Input Step Plugin High
CVE-2017-1000108 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) May 17, 2022
Zend Framework Information Disclosure High
CVE-2015-7503 was published for zendframework/zend-crypt (Composer) May 17, 2022
Apache Sling Authentication Service vulnerability High
CVE-2017-15700 was published for org.apache.sling:org.apache.sling.auth.core (Maven) May 14, 2022
Dolibarr sensitive information disclosure High
CVE-2017-17898 was published for dolibarr/dolibarr (Composer) May 14, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
codders-dataset Process Table Local Plaintext Credential Disclosure High
CVE-2014-4991 was published for codders-dataset (RubyGems) May 14, 2022
kajam allows local users to obtain sensitive information by listing the process High
CVE-2014-4999 was published for kajam (RubyGems) May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process High
CVE-2014-4997 was published for point-cli (RubyGems) May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process High
CVE-2014-4998 was published for lean-ruport (RubyGems) May 14, 2022
Apache Geode gfsh authorization vulnerability High
CVE-2017-12622 was published for org.apache.geode:geode-core (Maven) May 14, 2022