GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,069
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,627
NuGet: 638
pip: 3,239
Pub: 10
RubyGems: 858
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
8,909 advisories
Magento Open Source Cross-Site Request Forgery vulnerability (Moderate): CVE-2024-39408 was published for magento/community-edition (Composer), Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability (Moderate): CVE-2024-39409 was published for magento/community-edition (Composer), Aug 14, 2024
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability (Moderate): CVE-2024-39410 was published for magento/community-edition (Composer), Aug 14, 2024
Magento Open Source Improper Authorization vulnerability (Moderate): CVE-2024-39412 was published for magento/community-edition (Composer), Aug 14, 2024
Mattermost Desktop App Uncontrolled Search Path Vulnerability (Moderate): CVE-2024-39613 was published for mattermost-desktop (npm), Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries (Moderate): CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven), Sep 16, 2024
Ansible template injection vulnerability (Moderate): CVE-2023-5764 was published for ansible-core (pip), Dec 13, 2023
Concrete CMS Stored XSS in the "Next&Previous Nav" block (Moderate): CVE-2024-8661 was published for concrete5/concrete5 (Composer), Sep 16, 2024
Incorrect signature verification in django-ses (Moderate): CVE-2023-33185 was published for django-ses (pip), May 22, 2023
User passwords are stored in clear text in the Django session (Moderate): CVE-2020-15105 was published for django-two-factor-auth (pip), Jul 10, 2020
Django vulnerable to Denial of Service via i18n middleware component (Moderate): CVE-2007-5712 was published for Django (pip), May 1, 2022
Infinispan circular object references causes out of memory errors (Moderate): CVE-2023-5236 was published for org.infinispan.protostream:protostream (Maven), Dec 28, 2023
django-ucamlookup Cross-site Scripting vulnerability (Moderate): CVE-2016-15010 was published for django-ucamlookup (pip), Jan 5, 2023
django-photologue vulnerable to Cross-site Scripting (Moderate): CVE-2022-4526 was published for django-photologue (pip), Dec 15, 2022
Cross-site Scripting in django-cms (Moderate): CVE-2021-44649 was published for django-cms (pip), Jan 13, 2022
Cross-site Scripting in django-js-reverse (Moderate): CVE-2019-15486 was published for django-js-reverse (pip), Aug 27, 2019
Cross-site scripting in Unicorn framework (Moderate): CVE-2021-42053 was published for django-unicorn (pip), Oct 12, 2021
Django Cross-site scripting (XSS) vulnerability (Moderate): CVE-2008-2302 was published for django (pip), May 1, 2022
Cross-site Scripting in django-unicorn (Moderate): CVE-2021-42134 was published for django-unicorn (pip), Oct 12, 2021
Session key exposure through session list in Django User Sessions (Moderate): CVE-2020-5224 was published for django-user-sessions (pip), Jan 24, 2020
mongodb-client-encryption vulnerable to Improper Certificate Validation (Moderate): CVE-2021-20327 was published for mongodb-client-encryption (npm), Apr 12, 2021
Django Allows Redirect via Data URL (Moderate): CVE-2012-3442 was published for django (pip), May 17, 2022
Cross Site Scripting vulnerability in Contribsys Sidekiq (Moderate): CVE-2023-46950 was published for sidekiq-unique-jobs (RubyGems), Mar 1, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log (Moderate): CVE-2024-32034 was published for decidim-admin (RubyGems), Sep 16, 2024
ProTip! Advisories are also available from the GraphQL API.