GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
238 advisories
Filter by severity
node-fetch forwards secure headers to untrusted sites
High
CVE-2022-0235
was published
for
node-fetch
(npm)
Jan 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in microweber
High
CVE-2022-0281
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Insertion of Sensitive Information into Log File in Apache NiFi
High
CVE-2020-1942
was published
for
org.apache.nifi:nifi-framework-core
(Maven)
Jan 6, 2022
Opencast publishes global system account credentials
High
CVE-2018-16153
was published
for
org.opencastproject:opencast-common
(Maven)
Dec 14, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
High
CVE-2020-1940
was published
for
org.apache.jackrabbit:oak-core
(Maven)
Dec 10, 2021
Unrestricted access to predictable file paths in hov/jobfair
High
CVE-2021-43564
was published
for
hov/jobfair
(Composer)
Nov 15, 2021
Splash authentication credentials potentially leaked to target websites
High
CVE-2021-41124
was published
for
scrapy-splash
(pip)
Oct 6, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
High
CVE-2021-41120
was published
for
sylius/paypal-plugin
(Composer)
Oct 6, 2021
LiveQuery publishes user session tokens in parse-server
High
CVE-2021-41109
was published
for
parse-server
(npm)
Sep 30, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario
High
CVE-2021-40690
was published
for
org.apache.santuario:xmlsec
(Maven)
Sep 20, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-2rh5-jvgx-pgw3
was published
for
ezsystems/ezplatform
(Composer)
Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-gqcf-83rq-gpfr
was published
for
ibexa/post-install
(Composer)
Sep 14, 2021
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress
High
CVE-2021-32770
was published
for
gatsby-source-wordpress
(npm)
Jul 19, 2021
Private files publicly accessible with Cloud Storage providers
High
GHSA-vrf2-xghr-j52v
was published
for
shopware/core
(Composer)
Jun 28, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2021-25122
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 16, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
High
CVE-2021-20259
was published
for
foreman_fog_proxmox
(RubyGems)
Jun 10, 2021
Exposure of sensitive information to an unauthorized actor in HyperKitty
High
CVE-2021-33038
was published
for
HyperKitty
(pip)
Jun 1, 2021
Lookup function information discolosure in helm
High
CVE-2020-11013
was published
for
helm.sh/helm/v3
(Go)
May 27, 2021
Private Field data leak
High
CVE-2021-32624
was published
for
@keystonejs/keystone
(npm)
May 27, 2021
Potential memory exposure in dns-packet
High
CVE-2021-23386
was published
for
dns-packet
(npm)
May 24, 2021
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
Insecure template handling in Squirrelly
High
CVE-2021-32819
was published
for
squirrelly
(npm)
May 17, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
High
CVE-2020-11976
was published
for
org.apache.wicket:wicket-core
(Maven)
May 7, 2021
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
High
CVE-2021-22885
was published
for
actionpack
(RubyGems)
May 5, 2021
ProTip!
Advisories are also available from the
GraphQL API