GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
High
CVE-2022-30617
was published
for
@strapi/strapi
(npm)
May 20, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
High
CVE-2022-30618
was published
for
@strapi/strapi
(npm)
May 20, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
High
CVE-2020-1940
was published
for
org.apache.jackrabbit:oak-core
(Maven)
Dec 10, 2021
Wasmtime may have data leakage between instances in the pooling allocator
High
CVE-2022-39393
was published
for
wasmtime
(Rust)
Nov 10, 2022
Cockpit Content Platform vulnerable to 2FA bypass
High
CVE-2022-2818
was published
for
cockpit-hq/cockpit
(Composer)
Aug 16, 2022
Fix failure to strip Authorization header on HTTP downgrade
High
CVE-2022-31043
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade
High
CVE-2022-31042
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Protected fields exposed via LiveQuery
High
CVE-2022-31112
was published
for
parse-server
(npm)
Jul 6, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin
High
CVE-2022-31090
was published
for
guzzlehttp/guzzle
(Composer)
Jun 21, 2022
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High
CVE-2022-31162
was published
for
slack-morphism
(Rust)
Jul 20, 2022
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in irrd
High
CVE-2022-24798
was published
for
irrd
(pip)
Apr 1, 2022
ProTip!
Advisories are also available from the
GraphQL API