Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

102 advisories

Loading
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
Information disclosure vulnerability in OnionShare Moderate
CVE-2021-41867 was published for onionshare-cli (pip) Nov 19, 2021
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3641 was published for cinder (pip) May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file Moderate
CVE-2015-5163 was published for glance (pip) May 17, 2022
tdunlap607
OpenStack Object Storage (Swift) Sensitive Data Exposure Moderate
CVE-2015-5223 was published for swift (pip) May 14, 2022
Weblate user account enumeration via reset password form Moderate
CVE-2017-5537 was published for weblate (pip) May 17, 2022
aptdaemon Information Disclosure via Improper Input Validation in Transaction class Moderate
CVE-2020-15703 was published for aptdaemon (pip) May 24, 2022
OpenStack Swift Discloses Secret URLs to Timing Attack Moderate
CVE-2014-0006 was published for swift (pip) May 17, 2022
Mailman Sensitive Information Disclosure Moderate
CVE-2004-0412 was published for mailman (pip) Apr 29, 2022
FTP backend for Duplicity Discloses Passwords to Process Listing Moderate
CVE-2007-5201 was published for duplicity (pip) May 1, 2022
`Cookie` HTTP header isn't stripped on cross-origin redirects Moderate
CVE-2023-43804 was published for urllib3 (pip) Oct 2, 2023
ranjit-git pquentin
illia-v sethmlarson
Authorization Header forwarded on redirect Moderate
CVE-2018-25091 was published for urllib3 (pip) Oct 15, 2023
Information disclosure in AccessControl Moderate
CVE-2023-41050 was published for AccessControl (pip) Sep 7, 2023
d-maurer
urllib3's request body not stripped after redirect from 303 status changes request method to GET Moderate
CVE-2023-45803 was published for urllib3 (pip) Oct 17, 2023
ranjit-git illia-v
sethmlarson
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users Moderate
CVE-2023-40570 was published for datasette (pip) Aug 22, 2023
Apache Superset vulnerable to Exposure of Sensitive Information Moderate
CVE-2023-30776 was published for apache-superset (pip) Jul 6, 2023
yt-dlp File Downloader cookie leak Moderate
CVE-2023-35934 was published for yt-dlp (pip) Jul 6, 2023
Grub4K bashonly
coletdjnz
Fides Information Disclosure Vulnerability in Config API Endpoint Moderate
CVE-2023-46125 was published for ethyca-fides (pip) Oct 24, 2023
h0wl
Apache Airflow vulnerable to sensitive information exposure Moderate
CVE-2023-42663 was published for apache-airflow (pip) Oct 14, 2023
web2py exposure of sensitive information Moderate
CVE-2016-3954 was published for web2py (pip) May 14, 2022
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-42505 was published for apache-superset (pip) Nov 28, 2023
Clear Text Credentials Exposed via Onboarding Task Moderate
CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023
whitej6 jeffkala
bryanculver scetron glennmatthews
ProTip! Advisories are also available from the GraphQL API