GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
102 advisories
Filter by severity
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate
CVE-2018-1334
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2019-10156
was published
for
ansible
(pip)
Jul 31, 2019
Information disclosure in Apache Superset
Moderate
CVE-2020-1932
was published
for
apache-superset
(pip)
Feb 26, 2020
Users can view database names in Apache Superset
Moderate
CVE-2019-12414
was published
for
apache-superset
(pip)
Feb 26, 2020
Users able to query database metadata in Apache Superset
Moderate
CVE-2019-12413
was published
for
apache-superset
(pip)
Feb 26, 2020
CSRF tokens leaked in URL by canned query form
Moderate
GHSA-q6j3-c4wc-63vw
was published
for
datasette
(pip)
Aug 11, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Moderate
CVE-2021-21360
was published
for
Products.GenericSetup
(pip)
Mar 9, 2021
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate
CVE-2020-1753
was published
for
ansible
(pip)
Apr 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
Moderate
CVE-2020-1740
was published
for
ansible
(pip)
Apr 7, 2021
Potential API key leak
Moderate
GHSA-63rq-p8fp-524q
was published
for
sopel-modules.weather
(pip)
Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2020-1746
was published
for
ansible
(pip)
Apr 20, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate
CVE-2021-41125
was published
for
Scrapy
(pip)
Oct 6, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2019-10217
was published
for
ansible
(pip)
Oct 12, 2021
Information disclosure vulnerability in OnionShare
Moderate
CVE-2021-41867
was published
for
onionshare-cli
(pip)
Nov 19, 2021
Unsafe handling of user-specified cookies in treq
Moderate
CVE-2022-23607
was published
for
treq
(pip)
Feb 1, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate
CVE-2022-0577
was published
for
scrapy
(pip)
Mar 1, 2022
Exposure of Sensitive Information to an Unauthorized Actor in httpie
Moderate
CVE-2022-24737
was published
for
httpie
(pip)
Mar 7, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate
CVE-2021-4180
was published
for
tripleo-heat-templates
(pip)
Mar 24, 2022
OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2011-4076
was published
for
nova
(pip)
Apr 22, 2022
Mailman Sensitive Information Disclosure
Moderate
CVE-2004-0412
was published
for
mailman
(pip)
Apr 29, 2022
Trac reStructuredText breach of privacy and denial of service vulnerability
Moderate
CVE-2006-3695
was published
for
trac
(pip)
May 1, 2022
FTP backend for Duplicity Discloses Passwords to Process Listing
Moderate
CVE-2007-5201
was published
for
duplicity
(pip)
May 1, 2022
Django Data leakage via admin history log
Moderate
CVE-2013-0305
was published
for
Django
(pip)
May 5, 2022
Ansible sensitive information disclosure
Moderate
CVE-2018-16876
was published
for
ansible
(pip)
May 13, 2022
OpenStack Keystone Logs Passwords
Moderate
CVE-2015-3646
was published
for
keystone
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API