GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
280 advisories
Filter by severity
Django database denial-of-service with ModelMultipleChoiceField
High
CVE-2015-0222
was published
for
Django
(pip)
May 17, 2022
Denial-of-service possibility in logout() view by filling session store
Moderate
CVE-2015-5964
was published
for
Django
(pip)
May 17, 2022
Improper Restriction of XML External Entity Reference in Apache POI
Moderate
CVE-2014-3529
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Improper Input Validation in Apache POI
Moderate
CVE-2014-3574
was published
for
org.apache.poi:poi
(Maven)
May 17, 2022
Django denial of service via empty session record creation
Moderate
CVE-2015-5963
was published
for
Django
(pip)
May 17, 2022
Django user with hardcoded password created when running tests on Oracle
Critical
CVE-2016-9013
was published
for
Django
(pip)
May 17, 2022
Django DNS Rebinding Vulnerability
Critical
CVE-2016-9014
was published
for
Django
(pip)
May 17, 2022
Arbitrary file write in Apache Commons Fileupload
High
CVE-2013-2186
was published
for
commons-fileupload:commons-fileupload
(Maven)
May 14, 2022
Deserialization of Untrusted Data in Apache OpenJPA
High
CVE-2013-1768
was published
for
org.apache.openjpa:openjpa
(Maven)
May 14, 2022
Improper Input Validation in Apache Jackrabbit
Moderate
CVE-2015-1833
was published
for
org.apache.jackrabbit:jackrabbit-core
(Maven)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Moderate
CVE-2010-4172
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Apache Geronimo Application Server multiple directory traversal vulnerabilities
High
CVE-2008-5518
was published
for
org.apache.geronimo.plugins:console
(Maven)
May 14, 2022
Django data leakage via querystring manipulation in admin
Moderate
CVE-2014-0483
was published
for
Django
(pip)
May 14, 2022
Django Denial-of-service possibility with strip_tags
High
CVE-2015-2316
was published
for
Django
(pip)
May 14, 2022
Django cross-site scripting (XSS) attack via user-supplied redirect URLs
Moderate
CVE-2015-2317
was published
for
Django
(pip)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
Moderate
CVE-2018-19413
was published
for
org.sonarsource.sonarqube:sonar-plugin-api
(Maven)
May 14, 2022
RDF4J vulnerable to zip slip
High
CVE-2018-20227
was published
for
org.eclipse.rdf4j:rdf4j
(Maven)
May 14, 2022
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Moderate
CVE-2013-5960
was published
for
org.owasp.esapi:esapi
(Maven)
May 14, 2022
Improper Authentication in Hibernate Validator
Moderate
CVE-2014-3558
was published
for
org.hibernate:hibernate-validator
(Maven)
May 14, 2022
Directory Traversal in Apache Tomcat
Moderate
CVE-2008-5515
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API