GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
238 advisories
Filter by severity
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
High
CVE-2018-3831
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
RhodeCode and Kallithea are vulnerable to sensitive information disclosure
High
CVE-2015-0260
was published
for
Kallithea
(pip)
May 13, 2022
October CMS Local File Inclusion
High
CVE-2018-1999009
was published
for
october/october
(Composer)
May 13, 2022
Moodle uses predictable password-recovery tokens
High
CVE-2015-5267
was published
for
moodle/moodle
(Composer)
May 13, 2022
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2016-4985
was published
for
ironic
(pip)
May 13, 2022
Exposure of repository credentials to external third-party sources in Rancher
High
CVE-2021-36778
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
High
CVE-2010-0667
was published
for
moin
(pip)
May 2, 2022
Apache Tomcat allows remote attackers to read JSP source files
High
CVE-2005-4836
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat Source Code Disclosure
High
CVE-2002-1394
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
JBoss AS may expose root content if excluded-contexts list is mismatched
High
CVE-2012-1094
was published
for
org.jboss.as:jboss-as-server
(Maven)
Apr 23, 2022
Information Exposure in Apache Tapestry
High
CVE-2021-30638
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Mar 18, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
High
CVE-2022-25512
was published
for
FreeTAKServer-UI
(pip)
Mar 12, 2022
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin
High
CVE-2022-0813
was published
for
phpmyadmin/phpmyadmin
(Composer)
Mar 11, 2022
Incorrect Authorization in @uppy/companion
High
CVE-2022-0528
was published
for
@uppy/companion
(npm)
Mar 4, 2022
containerd CRI plugin: Insecure handling of image volumes
High
CVE-2022-23648
was published
for
github.com/containerd/containerd
(Go)
Mar 2, 2022
Cookie exposure in requestretry
High
CVE-2022-0654
was published
for
requestretry
(npm)
Feb 24, 2022
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
Puma used with Rails may lead to Information Exposure
High
CVE-2022-23634
was published
for
puma
(RubyGems)
Feb 11, 2022
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
Insecure template handling in Express-handlebars
High
CVE-2021-32820
was published
for
express-handlebars
(npm)
Feb 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Concord
High
CVE-2020-10591
was published
for
com.walmartlabs.concord.docker:concord-common
(Maven)
Feb 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2020-17527
was published
for
org.apache.tomcat:tomcat-coyote
(Maven)
Feb 9, 2022
Cookie and header exposure in twisted
High
CVE-2022-21712
was published
for
twisted
(pip)
Feb 7, 2022
Path traversal and dereference of symlinks in Argo CD
High
CVE-2022-24348
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 7, 2022
Exposure of Sensitive Information in simple-get
High
CVE-2022-0355
was published
for
simple-get
(npm)
Jan 28, 2022
ProTip!
Advisories are also available from the
GraphQL API