GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
238 advisories
Filter by severity
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
High
CVE-2015-5271
was published
for
tripleo-heat-templates
(pip)
May 17, 2022
Apache Geode information disclosure vulnerability
High
CVE-2017-5649
was published
for
org.apache.geode:geode-core
(Maven)
May 17, 2022
Apache OpenMeetings displays Tomcat version and detailed error stack trace
High
CVE-2017-7683
was published
for
org.apache.openmeetings:openmeetings-parent
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java
High
CVE-2016-8741
was published
for
org.apache.qpid:qpid-broker
(Maven)
May 17, 2022
The Undertow module of WildFly allows source code disclosure
High
CVE-2015-3198
was published
for
org.wildfly:wildfly-parent
(Maven)
May 17, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage
High
CVE-2013-7130
was published
for
nova
(pip)
May 17, 2022
Apache Atlas produces Stack trace in error response
High
CVE-2017-3154
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure
High
CVE-2017-14240
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API
High
CVE-2015-3250
was published
for
org.apache.directory.api:api-ldap-model
(Maven)
May 17, 2022
ChakraCore RCE Vulnerability
High
CVE-2017-11801
was published
for
Microsoft.ChakraCore
(NuGet)
May 17, 2022
ChakraCore RCE Vulnerability
High
CVE-2017-11797
was published
for
Microsoft.ChakraCore
(NuGet)
May 17, 2022
Apache MyFaces Vulnerable to EL Injection
High
CVE-2011-4343
was published
for
org.apache.myfaces.core:myfaces-core-module
(Maven)
May 17, 2022
Jenkins Pipeline: Input Step Plugin
High
CVE-2017-1000108
was published
for
org.jenkins-ci.plugins:pipeline-input-step
(Maven)
May 17, 2022
Zend Framework Information Disclosure
High
CVE-2015-7503
was published
for
zendframework/zend-crypt
(Composer)
May 17, 2022
Apache Sling Authentication Service vulnerability
High
CVE-2017-15700
was published
for
org.apache.sling:org.apache.sling.auth.core
(Maven)
May 14, 2022
Dolibarr sensitive information disclosure
High
CVE-2017-17898
was published
for
dolibarr/dolibarr
(Composer)
May 14, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability
High
CVE-2014-4993
was published
for
backup-agoddard
(RubyGems)
May 14, 2022
codders-dataset Process Table Local Plaintext Credential Disclosure
High
CVE-2014-4991
was published
for
codders-dataset
(RubyGems)
May 14, 2022
VladTheEnterprising allows local users to obtain sensitive information by reading MySQL root password from temporary file
High
CVE-2014-4995
was published
for
VladTheEnterprising
(RubyGems)
May 14, 2022
kajam allows local users to obtain sensitive information by listing the process
High
CVE-2014-4999
was published
for
kajam
(RubyGems)
May 14, 2022
point-cli allows local users to obtain sensitive information by listing the process
High
CVE-2014-4997
was published
for
point-cli
(RubyGems)
May 14, 2022
lean-ruport allows local users to obtain sensitive information by listing the process
High
CVE-2014-4998
was published
for
lean-ruport
(RubyGems)
May 14, 2022
Apache Geode gfsh authorization vulnerability
High
CVE-2017-12622
was published
for
org.apache.geode:geode-core
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API