GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Exposure of Sensitive Information in Hadoop
Critical
CVE-2017-15718
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Critical
CVE-2016-3086
was published
for
org.apache.hadoop:hadoop-yarn-server-nodemanager
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Critical
CVE-2017-1000362
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
Exposure of Sensitive Information in Jenkins Core
Critical
CVE-2016-0791
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor
Critical
CVE-2021-32711
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Insecure cookie sharing in Hawtio
Critical
CVE-2017-2589
was published
for
io.hawt:project
(Maven)
May 13, 2022
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Critical
CVE-2023-28444
was published
for
angular-server-side-configuration
(npm)
Mar 24, 2023
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Airbrake keys not being filtered
Critical
CVE-2019-16060
was published
for
airbrake-ruby
(RubyGems)
Sep 11, 2019
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical
GHSA-h24c-6p6p-m3vx
was published
for
github.com/bnb-chain/tss-lib
(Go)
Sep 1, 2023
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
Anchor CMS Logs Credentials
Critical
CVE-2018-7251
was published
for
anchorcms/anchor-cms
(Composer)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Json response for search reveals Solr credentials
Critical
GHSA-v6xp-ccvx-w52m
was published
for
ibexa/solr
(Composer)
Nov 3, 2023
Json response for search reveals Solr credentials
Critical
GHSA-7crc-r3wg-cfgf
was published
for
ezsystems/ezplatform-solr-search-engine
(Composer)
Nov 3, 2023
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
SQLpage vulnerable to public exposure of database credentials
Critical
CVE-2023-42454
was published
for
sqlpage
(Rust)
Sep 21, 2023
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Critical
CVE-2023-43791
was published
for
label-studio
(pip)
Nov 9, 2023
Exposure of Sensitive Information in eventsource
Critical
CVE-2022-1650
was published
for
eventsource
(npm)
May 13, 2022
Openstack Magnum Unsafe Credential Handling
Critical
CVE-2016-7404
was published
for
openstack-magnum
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API