Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,824 advisories

Improper Input Validation in .Net Framework API's Moderate
CVE-2019-0657 was published for Microsoft.NETCore.App (NuGet) May 14, 2022
Cross-site Scripting in Jolokia agent Moderate
CVE-2018-1000129 was published for org.jolokia:jolokia-core (Maven) May 14, 2022
Improper Input Validation in Jetty Moderate
CVE-2011-4461 was published for org.eclipse.jetty:jetty-server (Maven) May 14, 2022
Phusion Passenger Race Condition Allows Privilege Escalation High
CVE-2018-12029 was published for passenger (RubyGems) May 14, 2022
Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability Critical
CVE-2018-12026 was published for passenger (RubyGems) May 14, 2022
Dolibarr Stored Cross-site Scripting in expensereport/card.php Moderate
CVE-2018-16808 was published for dolibarr/dolibarr (Composer) May 14, 2022
Injection in Jolokia agent High
CVE-2018-1000130 was published for org.jolokia:jolokia-core (Maven) May 14, 2022
Dolibarr SQL injection via the integer parameters qty and value_unit Critical
CVE-2018-16809 was published for dolibarr/dolibarr (Composer) May 14, 2022
Apache Solr Kerberos delegation token functionality flaws High
CVE-2017-9803 was published for org.apache.solr:solr-core (Maven) May 14, 2022
Code Injection in baserCMS High
CVE-2017-10844 was published for baserproject/basercms (Composer) May 14, 2022
baserCMS SQL Injection vulnerability Critical
CVE-2017-10842 was published for baserproject/basercms (Composer) May 14, 2022
Symfony Session Fixation Vulnerability High
CVE-2018-11385 was published for symfony/security (Composer) May 14, 2022
Subrion CMS vulnerable to CSRF in admin/blocks/add High
CVE-2017-6068 was published for intelliants/subrion (Composer) May 14, 2022
Symfony Open Redirect Moderate
CVE-2017-16652 was published for symfony/security (Composer) May 14, 2022
PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability Moderate
CVE-2017-6099 was published for paypal/merchant-sdk-php (Composer) May 14, 2022
Symfony Directory Traversal High
CVE-2017-16654 was published for symfony/intl (Composer) May 14, 2022
Symfony Open Redirect Moderate
CVE-2018-11408 was published for symfony/security-bundle (Composer) May 14, 2022
GeniXCMS SQL injection vulnerability High
CVE-2017-5346 was published for genix/cms (Composer) May 14, 2022
Craft CMS Cross-site Scripting (XSS) Vulnerability Moderate
CVE-2018-20418 was published for craftcms/cms (Composer) May 14, 2022
Silverstripe CMS XSS Vulnerability Moderate
CVE-2017-5197 was published for silverstripe/cms (Composer) May 14, 2022
phpMyAdmin Open Redirect Moderate
CVE-2017-1000013 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin DoS Vulnerability High
CVE-2017-1000014 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin CSS Injection Vulnerability Moderate
CVE-2017-1000015 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin DoS Vulnerability High
CVE-2017-1000018 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Improper Authentication in Hibernate Validator Moderate
CVE-2014-3558 was published for org.hibernate:hibernate-validator (Maven) May 14, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API