Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

238 advisories

Loading
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability High
CVE-2023-51437 was published for org.apache.pulsar:pulsar-broker-auth-sasl (Maven) Feb 7, 2024
Any authenticated user may obtain private message details from other users on the same instance High
CVE-2024-23649 was published for lemmy_server (Rust) Jan 24, 2024
Nothing4You
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem High
CVE-2024-23331 was published for vite (npm) Jan 19, 2024
dariushoule
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
davwwwx
@backstage/backend-app-api leaks GitLab access tokens High
CVE-2023-6944 was published for @backstage/backend-app-api (npm) Jan 4, 2024
Solr search discloses password hashes of all users High
CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) Dec 16, 2023
Potential CSV export data leak High
CVE-2023-50448 was published for activeadmin (RubyGems) Dec 15, 2023
emilong
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method High
CVE-2023-48122 was published for microweber/microweber (Composer) Dec 8, 2023
github.com/ecies/go vulnerable to possible private key restoration High
CVE-2023-49292 was published for github.com/ecies/go/v2 (Go) Dec 5, 2023
Merricx savely-krasovsky
Information exposure in MLflow High
CVE-2023-43472 was published for mlflow (pip) Dec 5, 2023
Apache DolphinScheduler sensitive information disclosure High
CVE-2023-48796 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Nov 24, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image High
CVE-2023-47630 was published for github.com/kyverno/kyverno (Go) Nov 14, 2023
AdamKorcz
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task High
CVE-2023-47117 was published for label-studio (pip) Nov 14, 2023
alex-elttam
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables High
CVE-2023-46115 was published for @tauri-apps/cli (npm) Oct 20, 2023
Quarkus OIDC can leak both ID and access tokens High
CVE-2023-1584 was published for io.quarkus:quarkus-oidc (Maven) Oct 4, 2023
OpenStack Heat information leak vulnerability High
CVE-2023-1625 was published for openstack-heat (pip) Sep 24, 2023
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading High
CVE-2023-40023 was published for github.com/yaklang/yaklang (Go) Aug 15, 2023
Phelaine
.NET Information Disclosure Vulnerability High
CVE-2023-35391 was published for Microsoft.AspNetCore.SignalR.Redis (NuGet) Aug 11, 2023
Apache Airflow Execution with Unnecessary Privileges High
CVE-2023-39508 was published for apache-airflow (pip) Aug 5, 2023
Leaking sensitive user information still possible by filtering on private with prefix fields High
CVE-2023-34235 was published for @strapi/database (npm) Jul 25, 2023
Boegie19 derrickmehaffy
innerdvations Marc-Roig Bassel17
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2023-3819 was published for pimcore/pimcore (Composer) Jul 21, 2023
dkarlovi
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
Decidim vulnerable to sensitive data disclosure High
CVE-2023-34090 was published for decidim (RubyGems) Jul 11, 2023
p- ahukkanen
alecslupu
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database