GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
102 advisories
Filter by severity
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate
CVE-2021-41125
was published
for
Scrapy
(pip)
Oct 6, 2021
Roundup sensitive data disclosure vulnerability
Moderate
CVE-2014-6276
was published
for
roundup
(pip)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Requests
Moderate
CVE-2014-1829
was published
for
requests
(pip)
May 17, 2022
sosreport sensitive information disclosure via weak permissions of the generated archives
Moderate
CVE-2015-3171
was published
for
sosreport
(pip)
May 13, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate
CVE-2022-0577
was published
for
scrapy
(pip)
Mar 1, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Requests
Moderate
CVE-2014-1830
was published
for
requests
(pip)
May 14, 2022
salt leaks git usernames and passwords to the log
Moderate
CVE-2015-6918
was published
for
salt
(pip)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate
CVE-2018-1334
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Moderate
CVE-2021-21360
was published
for
Products.GenericSetup
(pip)
Mar 9, 2021
Plone is vulnerable to information exposure via the object manager implementation
Moderate
CVE-2013-4196
was published
for
plone
(pip)
May 17, 2022
Plone vulnerable to unauthorized disclosure of site content
Moderate
CVE-2016-4042
was published
for
Plone
(pip)
May 17, 2022
Plone is vulnerable to File System Path Exposure
Moderate
CVE-2013-4194
was published
for
plone
(pip)
May 17, 2022
Plone Filesystem path information leak
Moderate
CVE-2013-7060
was published
for
Products.CMFPlone
(pip)
May 17, 2022
Plone is vulnerable to Information Exposure when generating zip archives
Moderate
CVE-2013-4191
was published
for
plone
(pip)
May 17, 2022
Exposure of Sensitive Information in Plone
Moderate
CVE-2012-5508
was published
for
Plone
(pip)
May 17, 2022
Plone User account enumeration via crafted URL
Moderate
CVE-2012-5497
was published
for
plone
(pip)
May 17, 2022
Gradio has several components with post-process steps allow arbitrary file leaks
Moderate
CVE-2024-47868
was published
for
gradio
(pip)
Oct 10, 2024
OMERO-web Sensitive Data Exposure
Moderate
CVE-2020-7932
was published
for
omero-web
(pip)
May 24, 2022
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
jwcrypto lacks the Random Filling protection mechanism
Moderate
CVE-2016-6298
was published
for
jwcrypto
(pip)
May 17, 2022
openstack-heat may disclose sensitive information
Moderate
CVE-2024-7319
was published
for
openstack-heat
(pip)
Aug 2, 2024
Exposure of Sensitive Information to an Unauthorized Actor in httpie
Moderate
CVE-2022-24737
was published
for
httpie
(pip)
Mar 7, 2022
ProTip!
Advisories are also available from the
GraphQL API