GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
salt password information leaked in debug logs
Critical
CVE-2015-6941
was published
for
salt
(pip)
May 17, 2022
Django-Anymail prone to a timing attack
Critical
CVE-2018-6596
was published
for
django-anymail
(pip)
Jul 12, 2018
Credential leak in org.apache.directory.api:apache-ldap-api
Critical
CVE-2018-1337
was published
for
org.apache.directory.api:apache-ldap-api
(Maven)
Nov 9, 2018
DIRAC's TokenManager does not check permissions on cached tokens
Critical
CVE-2024-24825
was published
for
DIRAC
(pip)
Feb 8, 2024
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Critical
CVE-2023-6572
was published
for
gradio
(pip)
Dec 14, 2023
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
Cache poisoning in drupal/core
Critical
CVE-2023-5256
was published
for
drupal/core
(Composer)
Sep 28, 2023
Openstack Magnum Unsafe Credential Handling
Critical
CVE-2016-7404
was published
for
openstack-magnum
(pip)
May 24, 2022
Exposure of Sensitive Information in eventsource
Critical
CVE-2022-1650
was published
for
eventsource
(npm)
May 13, 2022
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Critical
CVE-2023-43791
was published
for
label-studio
(pip)
Nov 9, 2023
SQLpage vulnerable to public exposure of database credentials
Critical
CVE-2023-42454
was published
for
sqlpage
(Rust)
Sep 21, 2023
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
Json response for search reveals Solr credentials
Critical
GHSA-7crc-r3wg-cfgf
was published
for
ezsystems/ezplatform-solr-search-engine
(Composer)
Nov 3, 2023
Json response for search reveals Solr credentials
Critical
GHSA-v6xp-ccvx-w52m
was published
for
ibexa/solr
(Composer)
Nov 3, 2023
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Anchor CMS Logs Credentials
Critical
CVE-2018-7251
was published
for
anchorcms/anchor-cms
(Composer)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical
GHSA-h24c-6p6p-m3vx
was published
for
github.com/bnb-chain/tss-lib
(Go)
Sep 1, 2023
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
Airbrake keys not being filtered
Critical
CVE-2019-16060
was published
for
airbrake-ruby
(RubyGems)
Sep 11, 2019
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Critical
CVE-2023-28444
was published
for
angular-server-side-configuration
(npm)
Mar 24, 2023
Insecure cookie sharing in Hawtio
Critical
CVE-2017-2589
was published
for
io.hawt:project
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor
Critical
CVE-2021-32711
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Exposure of Sensitive Information in Jenkins Core
Critical
CVE-2016-0791
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API