GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,653
Erlang: 29
GitHub Actions: 16
Go: 1,706
Maven: 4,938
npm: 3,471
NuGet: 603
pip: 2,985
Pub: 10
RubyGems: 826
Rust: 772
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
18,824 advisories
Improper Input Validation in .Net Framework API's
Moderate | CVE-2019-0657 was published for Microsoft.NETCore.App (NuGet) | May 14, 2022

Cross-site Scripting in Jolokia agent
Moderate | CVE-2018-1000129 was published for org.jolokia:jolokia-core (Maven) | May 14, 2022

Improper Input Validation in Jetty
Moderate | CVE-2011-4461 was published for org.eclipse.jetty:jetty-server (Maven) | May 14, 2022

Phusion Passenger Race Condition Allows Privilege Escalation
High | CVE-2018-12029 was published for passenger (RubyGems) | May 14, 2022

Phusion Passenger SpawningKit Contains Arbitrary Read/Write Vulnerability
Critical | CVE-2018-12026 was published for passenger (RubyGems) | May 14, 2022

Dolibarr Stored Cross-site Scripting in expensereport/card.php
Moderate | CVE-2018-16808 was published for dolibarr/dolibarr (Composer) | May 14, 2022

Injection in Jolokia agent
High | CVE-2018-1000130 was published for org.jolokia:jolokia-core (Maven) | May 14, 2022

Dolibarr SQL injection via the integer parameters qty and value_unit
Critical | CVE-2018-16809 was published for dolibarr/dolibarr (Composer) | May 14, 2022

Apache Solr Kerberos delegation token functionality flaws
High | CVE-2017-9803 was published for org.apache.solr:solr-core (Maven) | May 14, 2022

Code Injection in baserCMS
High | CVE-2017-10844 was published for baserproject/basercms (Composer) | May 14, 2022

baserCMS SQL Injection vulnerability
Critical | CVE-2017-10842 was published for baserproject/basercms (Composer) | May 14, 2022

Symfony Session Fixation Vulnerability
High | CVE-2018-11385 was published for symfony/security (Composer) | May 14, 2022

Subrion CMS vulnerable to CSRF in admin/blocks/add
High | CVE-2017-6068 was published for intelliants/subrion (Composer) | May 14, 2022

Symfony Open Redirect
Moderate | CVE-2017-16652 was published for symfony/security (Composer) | May 14, 2022

PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability
Moderate | CVE-2017-6099 was published for paypal/merchant-sdk-php (Composer) | May 14, 2022

Symfony Directory Traversal
High | CVE-2017-16654 was published for symfony/intl (Composer) | May 14, 2022

Symfony Open Redirect
Moderate | CVE-2018-11408 was published for symfony/security-bundle (Composer) | May 14, 2022

GeniXCMS SQL injection vulnerability
High | CVE-2017-5346 was published for genix/cms (Composer) | May 14, 2022

Craft CMS Cross-site Scripting (XSS) Vulnerability
Moderate | CVE-2018-20418 was published for craftcms/cms (Composer) | May 14, 2022

Silverstripe CMS XSS Vulnerability
Moderate | CVE-2017-5197 was published for silverstripe/cms (Composer) | May 14, 2022

phpMyAdmin Open Redirect
Moderate | CVE-2017-1000013 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

phpMyAdmin DoS Vulnerability
High | CVE-2017-1000014 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

phpMyAdmin CSS Injection Vulnerability
Moderate | CVE-2017-1000015 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

phpMyAdmin DoS Vulnerability
High | CVE-2017-1000018 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

Improper Authentication in Hibernate Validator
Moderate | CVE-2014-3558 was published for org.hibernate:hibernate-validator (Maven) | May 14, 2022

ProTip! Advisories are also available from the GraphQL API.