Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,770 advisories

Loading
Exposure of sensitive information to an unauthorized actor in HyperKitty High
CVE-2021-33038 was published for HyperKitty (pip) Jun 1, 2021
westonsteimel
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
Private Field data leak High
CVE-2021-32624 was published for @keystonejs/keystone (npm) May 27, 2021
molomby dcousens
Potential memory exposure in dns-packet High
CVE-2021-23386 was published for dns-packet (npm) May 24, 2021
JWT leak via Open Redirect in Programmatic access Moderate
CVE-2021-29651 was published for github.com/pomerium/pomerium (Go) May 21, 2021
cure53
Podman Origin Validation Error Moderate
CVE-2021-20199 was published for github.com/containers/podman/v3 (Go) May 18, 2021
Information Exposure in jaeger Moderate
CVE-2020-10750 was published for github.com/jaegertracing/jaeger (Go) May 18, 2021
Information Disclosure in HashiCorp Vault High
CVE-2020-13223 was published for github.com/hashicorp/vault (Go) May 18, 2021
Insecure Permissions in Gogs Critical
CVE-2019-14544 was published for gogs.io/gogs (Go) May 18, 2021
Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information Moderate
CVE-2019-17110 was published for github.com/kubernetes/kube-state-metrics (Go) May 18, 2021 withdrawn
Credential leak in react-native-fast-image Moderate
CVE-2020-7696 was published for react-native-fast-image (npm) May 18, 2021
Insecure template handling in express-hbs Moderate
CVE-2021-32817 was published for express-hbs (npm) May 17, 2021
richardfan0606
Insecure template handling in Squirrelly High
CVE-2021-32819 was published for squirrelly (npm) May 17, 2021
nebrelbug
User enumeration in authentication mechanisms Low
GHSA-g2qj-pmxm-9f8f was published for symfony/security-http (Composer) May 17, 2021
User enumeration in authentication mechanisms Low
GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) May 17, 2021
mbrodala chalasr
Information Disclosure in Apache Tomcat Moderate
CVE-2021-24122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2021
sunSUNQ
Prevent user enumeration using Guard or the new Authenticator-based Security Moderate
CVE-2021-21424 was published for lexik/jwt-authentication-bundle (Composer) May 13, 2021
jamesisaac mbrodala
chalasr
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
Plaintext password leak in Apache Superset High
CVE-2020-13952 was published for apache-superset (pip) Apr 30, 2021
.NET Core Information Disclosure High
CVE-2018-8292 was published for System.Net.Http (NuGet) Apr 21, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2020-1746 was published for ansible (pip) Apr 20, 2021
Potential sensitive data exposure in applications using Vaadin 15 Low
CVE-2020-36319 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
knoobie
Potential sensitive data exposure in applications using Vaadin 15 Low
GHSA-76f4-fw33-6j2v was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
knoobie
User (Encrypted) Password Field Being Serialised Low
GHSA-7fjp-g4m7-fx23 was published for pwweb/laravel-core (Composer) Apr 13, 2021
ProTip! Advisories are also available from the GraphQL API