GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
238 advisories
Filter by severity
TeamPass information exposure vulnerability
High
CVE-2023-3553
was published
for
nilsteampassnet/teampass
(Composer)
Jul 8, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
High
CVE-2023-37260
was published
for
league/oauth2-server
(Composer)
Jul 6, 2023
Dolibarr vulnerable to unauthenticated database access
High
CVE-2023-33568
was published
for
dolibarr/dolibarr
(Composer)
Jun 13, 2023
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
High
CVE-2023-34092
was published
for
vite
(npm)
Jun 6, 2023
Synapse does not apply enough checks to servers requesting auth events of events in a room
High
CVE-2022-39335
was published
for
matrix-synapse
(pip)
May 24, 2023
Ghost vulnerable to information disclosure of private API fields
High
CVE-2023-31133
was published
for
ghost
(npm)
May 3, 2023
Data written to GitHub Actions Cache may expose secrets
High
CVE-2023-30853
was published
for
gradle/gradle-build-action
(GitHub Actions)
May 1, 2023
Hidden fields can be leaked on readable collections in Payload
High
CVE-2023-30843
was published
for
payload
(npm)
Apr 26, 2023
Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
High
CVE-2023-29517
was published
for
org.xwiki.platform:xwiki-platform-office-viewer
(Maven)
Apr 20, 2023
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
High
CVE-2023-26476
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
Mar 3, 2023
RosarioSIS Improper Access Control vulnerability
High
CVE-2023-0994
was published
for
francoisjacquet/rosariosis
(Composer)
Feb 24, 2023
Codiad information disclosure vulnerability
High
CVE-2017-20178
was published
for
codiad/codiad
(Composer)
Feb 21, 2023
User data in TPM attestation vulnerable to MITM
High
GHSA-r2h5-3hgw-8j34
was published
for
github.com/edgelesssys/constellation/v2
(Go)
Feb 17, 2023
Sensitive Information leak via Script File in TinaCMS
High
CVE-2023-25164
was published
for
@tinacms/cli
(npm)
Feb 8, 2023
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
High
CVE-2022-43757
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Gitops Run insecure communication
High
CVE-2022-23509
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jan 9, 2023
Apache CXF vulnerable to Exposure of Sensitive Information
High
CVE-2022-46363
was published
for
org.apache.cxf:cxf-core
(Maven)
Dec 13, 2022
Craft CMS discloses password hashes
High
CVE-2022-37783
was published
for
craftcms/cms
(Composer)
Dec 5, 2022
Password exposure in H2 Database
High
CVE-2022-45868
was published
for
com.h2database:h2
(Maven)
Nov 23, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
High
CVE-2022-40308
was published
for
org.apache.archiva:archiva-common
(Maven)
Nov 15, 2022
Apache Airflow subject to Exposure of Sensitive Information
High
CVE-2022-27949
was published
for
apache-airflow
(pip)
Nov 14, 2022
ezplatform-graphql GraphQL queries can expose password hashes
High
CVE-2022-41876
was published
for
ezsystems/ezplatform-graphql
(Composer)
Nov 10, 2022
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
High
CVE-2022-36079
was published
for
parse-server
(npm)
Sep 16, 2022
ZK Framework vulnerable to malicious POST
High
CVE-2022-36537
was published
for
org.zkoss.zk:zk
(Maven)
Aug 27, 2022
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High
CVE-2022-31162
was published
for
slack-morphism
(Rust)
Jul 20, 2022
ProTip!
Advisories are also available from the
GraphQL API