Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

238 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch High
CVE-2018-3831 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
RhodeCode and Kallithea are vulnerable to sensitive information disclosure High
CVE-2015-0260 was published for Kallithea (pip) May 13, 2022
October CMS Local File Inclusion High
CVE-2018-1999009 was published for october/october (Composer) May 13, 2022
Moodle uses predictable password-recovery tokens High
CVE-2015-5267 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2016-4985 was published for ironic (pip) May 13, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set High
CVE-2010-0667 was published for moin (pip) May 2, 2022
anonymous4ACL24
Apache Tomcat allows remote attackers to read JSP source files High
CVE-2005-4836 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat Source Code Disclosure High
CVE-2002-1394 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
JBoss AS may expose root content if excluded-contexts list is mismatched High
CVE-2012-1094 was published for org.jboss.as:jboss-as-server (Maven) Apr 23, 2022
Information Exposure in Apache Tapestry High
CVE-2021-30638 was published for org.apache.tapestry:tapestry-core (Maven) Mar 18, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin High
CVE-2022-0813 was published for phpmyadmin/phpmyadmin (Composer) Mar 11, 2022
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
containerd CRI plugin: Insecure handling of image volumes High
CVE-2022-23648 was published for github.com/containerd/containerd (Go) Mar 2, 2022
felixwilhelm
Cookie exposure in requestretry High
CVE-2022-0654 was published for requestretry (npm) Feb 24, 2022
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Puma used with Rails may lead to Information Exposure High
CVE-2022-23634 was published for puma (RubyGems) Feb 11, 2022
byroot
Exposure of information in Action Pack High
CVE-2022-23633 was published for actionpack (RubyGems) Feb 11, 2022
byroot
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Concord High
CVE-2020-10591 was published for com.walmartlabs.concord.docker:concord-common (Maven) Feb 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2020-17527 was published for org.apache.tomcat:tomcat-coyote (Maven) Feb 9, 2022
sunSUNQ
Cookie and header exposure in twisted High
CVE-2022-21712 was published for twisted (pip) Feb 7, 2022
ranjit-git alex
twm
Path traversal and dereference of symlinks in Argo CD High
CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022
Exposure of Sensitive Information in simple-get High
CVE-2022-0355 was published for simple-get (npm) Jan 28, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database