Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

582 advisories

Loading
Mautic allows users enumeration due to weak password login Moderate
CVE-2024-47059 was published for mautic/core (Composer) Sep 18, 2024
tomekkowalczyk patrykgruszka
escopecz rafibz007
Vite's `server.fs.deny` is bypassed when using `?import&raw` Moderate
CVE-2024-45811 was published for vite (npm) Sep 17, 2024
adi1
Django Data leakage via admin history log Moderate
CVE-2013-0305 was published for Django (pip) May 5, 2022
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users Moderate
CVE-2024-46979 was published for org.xwiki.platform:xwiki-platform-notifications-ui (Maven) Sep 18, 2024
Django data leakage via querystring manipulation in admin Moderate
CVE-2014-0483 was published for Django (pip) May 14, 2022
MarkLee131
Django settings leak in date template filter Moderate
CVE-2015-8213 was published for Django (pip) May 17, 2022
sunSUNQ
Dapr API Token Exposure Moderate
CVE-2024-35223 was published for github.com/dapr/dapr (Go) May 22, 2024
elena-kolevska yaron2
artursouza
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana (Go) Jan 31, 2024
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property Moderate
CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2023-42781 was published for apache-airflow (pip) Nov 12, 2023
Apache Airflow information exposure vulnerability Moderate
CVE-2023-40712 was published for apache-airflow (pip) Sep 12, 2023
Apache Airflow vulnerable to Exposure of Sensitive Information Moderate
CVE-2023-46288 was published for apache-airflow (pip) Oct 23, 2023
Apache Airflow vulnerable to exposure of sensitive information Moderate
CVE-2023-35005 was published for apache-airflow (pip) Jun 19, 2023
Apache Airflow information disclosure vulnerability Moderate
CVE-2022-46651 was published for apache-airflow (pip) Jul 12, 2023
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2020-1746 was published for ansible (pip) Apr 20, 2021
Ansible discloses credential information Moderate
CVE-2014-4660 was published for ansible (pip) May 17, 2022
Ansible sensitive information disclosure Moderate
CVE-2018-16876 was published for ansible (pip) May 13, 2022
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data Moderate
CVE-2024-23321 was published for org.apache.rocketmq:rocketmq-all (Maven) Jul 22, 2024
oscerd
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible Moderate
CVE-2020-1753 was published for ansible (pip) Apr 7, 2021
Exposure of debug and metrics endpoints in Pomerium Moderate
CVE-2022-24797 was published for github.com/pomerium/pomerium (Go) Sep 6, 2024
gnark's Groth16 commitment extension unsound for more than one commitment Moderate
CVE-2024-45039 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic ivokub
Users able to query database metadata in Apache Superset Moderate
CVE-2019-12413 was published for apache-superset (pip) Feb 26, 2020
Users can view database names in Apache Superset Moderate
CVE-2019-12414 was published for apache-superset (pip) Feb 26, 2020
Information disclosure in Apache Superset Moderate
CVE-2020-1932 was published for apache-superset (pip) Feb 26, 2020
Ansible Sensitive Files Are Locally Readable Moderate
CVE-2014-4658 was published for ansible (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API