Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
Improper Input Validation in Apache Santuario XML Security Moderate
CVE-2013-4517 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Improper Input Validation in Apache Santuario XML Security Moderate
CVE-2014-8152 was published for org.apache.santuario:xmlsec (Maven) May 13, 2022
MarkLee131
Moodle XSS Vulnerability Moderate
CVE-2019-3847 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Missing XML Validation in Apache Xerces2 High
CVE-2013-4002 was published for xerces:xercesImpl (Maven) May 13, 2022
MarkLee131
Apache Struts's ParameterInterceptor component does not prevent access to public constructors Moderate
CVE-2012-0393 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ MarkLee131
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode Moderate
CVE-2012-0394 was published for org.apache.struts.xwork:xwork-core (Maven) May 4, 2022
sunSUNQ MarkLee131
Denial of Service in Apache Tomcat Moderate
CVE-2012-0022 was published for org.apache.tomcat:tomcat (Maven) May 4, 2022
MarkLee131
Cross-site scripting in Apache ActiveMQ Low
CVE-2010-0684 was published for org.apache.activemq:activemq-parent (Maven) May 2, 2022
sunSUNQ MarkLee131
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat Moderate
CVE-2009-2902 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Improper Authentication in Apache Tomcat Moderate
CVE-2009-2901 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Apache Tomcat Directory Traversal vulnerability Moderate
CVE-2009-2693 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Apache Geronimo Application Server CSRF vulnerabilities Moderate
CVE-2009-0039 was published for org.apache.geronimo.plugins:console (Maven) May 2, 2022
westonsteimel MarkLee131
Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities Moderate
CVE-2009-0038 was published for org.apache.geronimo.plugins:console (Maven) May 2, 2022
MarkLee131
Django cross-site request forgery (CSRF) vulnerability High
CVE-2008-3909 was published for django (pip) May 2, 2022
MarkLee131
Apache Tomcat Directory Traversal vulnerability Moderate
CVE-2008-2938 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
MarkLee131
Django Cross-site scripting (XSS) vulnerability Moderate
CVE-2008-2302 was published for django (pip) May 1, 2022
MarkLee131
Django vulnerable to Denial of Service via i18n middleware component High
CVE-2007-5712 was published for Django (pip) May 1, 2022
MarkLee131
Apache Tomcat vulnerable to Cross-site Scripting Low
CVE-2007-2450 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
sunSUNQ MarkLee131
Django Improper Access Control Moderate
CVE-2007-0405 was published for Django (pip) May 1, 2022
MarkLee131
Django Arbitrary Code Execution High
CVE-2007-0404 was published for Django (pip) May 1, 2022
MarkLee131
Infinite Loop in Django High
CVE-2022-23833 was published for Django (pip) Feb 4, 2022
tdunlap607 MarkLee131
Password stored in plain text by Jenkins Publish Over SSH Plugin Low
CVE-2022-23114 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault MarkLee131
Improper Access Control in moodle High
CVE-2020-25698 was published for moodle/moodle (Composer) Mar 29, 2021
MarkLee131
Authorization Bypass in Spring Security Critical
CVE-2014-3527 was published for org.springframework.security:spring-security-core (Maven) Sep 15, 2020
MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database