GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
238 advisories
Filter by severity
Valinor error messages leading to potential data exfiltration before v0.12.0
High
CVE-2022-31140
was published
for
cuyz/valinor
(Composer)
Jul 12, 2022
Protected fields exposed via LiveQuery
High
CVE-2022-31112
was published
for
parse-server
(npm)
Jul 6, 2022
Change in port should be considered a change in origin
High
CVE-2022-31091
was published
for
guzzlehttp/guzzle
(Composer)
Jun 21, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin
High
CVE-2022-31090
was published
for
guzzlehttp/guzzle
(Composer)
Jun 21, 2022
NocoDB information disclosure vulnerability
High
CVE-2022-2062
was published
for
nocodb
(npm)
Jun 14, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade
High
CVE-2022-31042
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Fix failure to strip Authorization header on HTTP downgrade
High
CVE-2022-31043
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Packing does not respect root-level ignore files in workspaces
High
CVE-2022-29244
was published
for
npm
(npm)
Jun 2, 2022
Phoenix-ws source code and data in extensions folder is publicly available
High
GHSA-c8f7-x2g7-7fxj
was published
for
phoenix-ws
(pip)
Jun 2, 2022
Ansible Exposes Sensitive Information
High
CVE-2021-20228
was published
for
ansible
(pip)
May 25, 2022
Cross-domain cookie leakage in Guzzle
High
CVE-2022-29248
was published
for
guzzlehttp/guzzle
(Composer)
May 25, 2022
xxl-job sensitive data exposure
High
CVE-2020-23811
was published
for
com.xuxueli:xxl-job
(Maven)
May 24, 2022
Microweber Discloses Sensitive Information
High
CVE-2020-13405
was published
for
microweber/microweber
(Composer)
May 24, 2022
Silverstripe CMS information disclosure
High
CVE-2020-6164
was published
for
silverstripe/cms
(Composer)
May 24, 2022
Magento defense-in-depth security mitigation vulnerability
High
CVE-2020-9591
was published
for
magento/community-edition
(Composer)
May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
Gravity Forms plugin leak hashed passwords
High
CVE-2020-13764
was published
for
wp-premium/gravityforms
(Composer)
May 24, 2022
Improper Input Validation in Undertow
High
CVE-2020-1757
was published
for
io.undertow:undertow-core
(Maven)
May 24, 2022
Home Assistant information disclosure vulnerability
High
CVE-2018-21019
was published
for
homeassistant
(pip)
May 24, 2022
OpenStack Nova Server Resource Faults Leak External Exception Details
High
CVE-2019-14433
was published
for
nova
(pip)
May 24, 2022
Magento 2 Community Edition Information Leak
High
CVE-2019-7951
was published
for
magento/community-edition
(Composer)
May 24, 2022
Exposure of Sensitive Information in Apache Storm Logviewer
High
CVE-2019-0202
was published
for
org.apache.storm:storm-core
(Maven)
May 24, 2022
Wikimedia information leak vulnerability
High
CVE-2019-12474
was published
for
mediawiki/core
(Composer)
May 24, 2022
django-markupfield Arbitrary File Read
High
CVE-2015-0846
was published
for
django-markupfield
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API