GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

460 advisories

Apache Struts Open Redirect High
CVE-2016-4433 was published for org.apache.struts.xwork:xwork-core (Maven) May 17, 2022
sunSUNQ
Apache Struts Access Control Redirect High
CVE-2016-4431 was published for org.apache.struts:struts-parent (Maven) May 17, 2022
Improper Input Validation in Apache Commons Email High
CVE-2017-9801 was published for org.apache.commons:commons-email (Maven) May 17, 2022
FormEncode Access Restrictions Bypass High
CVE-2008-6547 was published for FormEncode (pip) May 17, 2022
Improper Input Validation in XFire High
CVE-2012-5817 was published for org.codehaus.xfire:xfire-core (Maven) May 17, 2022
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
sunSUNQ
Plone Header Injection High
CVE-2015-7318 was published for Plone (pip) May 17, 2022
SaltStack Salt Denial of Service via a crafted authentication request High
CVE-2017-14696 was published for salt (pip) May 17, 2022
Improper Input Validation in Microsoft.NETCore.App High
CVE-2017-8585 was published for Microsoft.NETCore.App (NuGet) May 17, 2022
CodeIgniter HTTP Header Injection High
CVE-2017-1000247 was published for codeigniter4/framework (Composer) May 17, 2022
Jenkins allows Deserialization of Untrusted Data via an XML File High
CVE-2016-0792 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Arbitrary file write in Apache Commons Fileupload High
CVE-2013-2186 was published for commons-fileupload:commons-fileupload (Maven) May 14, 2022
MarkLee131
Django Might Allow CSRF Requests via URL Verification High
CVE-2011-4138 was published for Django (pip) May 14, 2022
Django Vulnerable to Cache Poisoning High
CVE-2011-4139 was published for Django (pip) May 14, 2022
Arbitrary file write in NumPy High
CVE-2014-1858 was published for numpy (pip) May 14, 2022
jhutchings1
Apache NiFi host header poisoning issue High
CVE-2017-12632 was published for org.apache.nifi:nifi (Maven) May 14, 2022
Matrix Synapse DoS High
CVE-2018-10657 was published for matrix-synapse (pip) May 14, 2022
Moodle Portfolio script allows instantiation of class chosen by user High
CVE-2018-1137 was published for moodle/moodle (Composer) May 14, 2022
Improper Input Validation in Apache Struts High
CVE-2015-0899 was published for org.apache.struts:struts-core (Maven) May 14, 2022
Special top object can be used to access Struts' internals High
CVE-2015-5209 was published for org.apache.struts:struts2-core (Maven) May 14, 2022
Apache Struts RCE Vulnerability High
CVE-2016-3090 was published for org.apache.struts:struts2-parent (Maven) May 14, 2022
Improper Input Validation in Apache Qpid AMQP 0-x JMS High
CVE-2016-4974 was published for org.apache.qpid:qpid-jms-client (Maven) May 14, 2022
JBoss RESTEasy vulnerable to Improper Input Validation High
CVE-2016-9606 was published for org.jboss.resteasy:resteasy-bom (Maven) May 14, 2022
Symfony Host Header Injection High
CVE-2018-14774 was published for symfony/symfony (Composer) May 14, 2022
CakePHP allows remote attackers to spoof their IP High
CVE-2016-4793 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84 tdunlap607