GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

32 advisories

Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Cookie and header exposure in twisted High
CVE-2022-21712 was published for twisted (pip) Feb 7, 2022
ranjit-git alex
twm
Exposure of sensitive information to an unauthorized actor in HyperKitty High
CVE-2021-33038 was published for HyperKitty (pip) Jun 1, 2021
westonsteimel
Splash authentication credentials potentially leaked to target websites High
CVE-2021-41124 was published for scrapy-splash (pip) Oct 6, 2021
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers High
CVE-2015-5271 was published for tripleo-heat-templates (pip) May 17, 2022
keycloak-httpd-client-install Insecure Secrets High
CVE-2017-15112 was published for keycloak-httpd-client-install (pip) May 14, 2022
OpenStack Heat information leak vulnerability High
CVE-2023-1625 was published for openstack-heat (pip) Sep 24, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task High
CVE-2023-47117 was published for label-studio (pip) Nov 14, 2023
alex-elttam
Information exposure in MLflow High
CVE-2023-43472 was published for mlflow (pip) Dec 5, 2023
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
davwwwx
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect High
GHSA-4q82-j5c2-g2c5 was published for scrapy (pip) Apr 16, 2024 withdrawn
Scrapy authorization header leakage on cross-domain redirect High
CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024
ranjit-git
SaltStack Salt Information Exposure High
CVE-2017-8109 was published for salt (pip) May 17, 2022
Home Assistant information disclosure vulnerability High
CVE-2018-21019 was published for homeassistant (pip) May 24, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem High
CVE-2018-16849 was published for mistral (pip) May 13, 2022
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2016-4985 was published for ironic (pip) May 13, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage High
CVE-2013-7130 was published for nova (pip) May 17, 2022
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects High
GHSA-cg34-w3fm-82h3 was published for scrapy (pip) May 20, 2024 withdrawn
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
openstack-heat may disclose sensitive information High
CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
Plaintext password leak in Apache Superset High
CVE-2020-13952 was published for apache-superset (pip) Apr 30, 2021
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022