GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
236 advisories
Filter by severity
Liferay Portal vulnerable to user impersonation
High
CVE-2024-25148
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
High
CVE-2010-0667
was published
for
moin
(pip)
May 2, 2022
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
openstack-mistral Discloses the presence of arbitrary files within the filesystem
High
CVE-2018-16849
was published
for
mistral
(pip)
May 13, 2022
RhodeCode and Kallithea are vulnerable to sensitive information disclosure
High
CVE-2015-0260
was published
for
Kallithea
(pip)
May 13, 2022
Synapse does not apply enough checks to servers requesting auth events of events in a room
High
CVE-2022-39335
was published
for
matrix-synapse
(pip)
May 24, 2023
Exposure of sensitive information to an unauthorized actor in HyperKitty
High
CVE-2021-33038
was published
for
HyperKitty
(pip)
Jun 1, 2021
Home Assistant information disclosure vulnerability
High
CVE-2018-21019
was published
for
homeassistant
(pip)
May 24, 2022
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388
was published
for
github.com/spectolabs/hoverfly
(Go)
Sep 3, 2024
Django vulnerable to information leakage in AuthenticationForm
High
CVE-2018-6188
was published
for
Django
(pip)
Oct 3, 2018
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High
CVE-2024-46987
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
django-markupfield Arbitrary File Read
High
CVE-2015-0846
was published
for
django-markupfield
(pip)
May 17, 2022
Django Channels leakage of session identifiers using legacy AsgiHandler
High
CVE-2020-35681
was published
for
channels
(pip)
Mar 19, 2021
Apache Atlas produces Stack trace in error response
High
CVE-2017-3154
was published
for
org.apache.atlas:atlas-common
(Maven)
May 17, 2022
Tina search token leak via lock file in TinaCMS
High
CVE-2024-45391
was published
for
@tinacms/cli
(npm)
Sep 3, 2024
Apache Airflow Execution with Unnecessary Privileges
High
CVE-2023-39508
was published
for
apache-airflow
(pip)
Aug 5, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
Apache Airflow subject to Exposure of Sensitive Information
High
CVE-2022-27949
was published
for
apache-airflow
(pip)
Nov 14, 2022
Ansible Exposes Sensitive Information
High
CVE-2021-20228
was published
for
ansible
(pip)
May 25, 2022
Plaintext password leak in Apache Superset
High
CVE-2020-13952
was published
for
apache-superset
(pip)
Apr 30, 2021
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
High
CVE-2023-34092
was published
for
vite
(npm)
Jun 6, 2023
Apache Sling Authentication Service vulnerability
High
CVE-2017-15700
was published
for
org.apache.sling:org.apache.sling.auth.core
(Maven)
May 14, 2022
Path traversal and dereference of symlinks in Argo CD
High
CVE-2022-24348
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 7, 2022
Directus Allows Single Sign-On User Enumeration
High
CVE-2024-39896
was published
for
directus
(npm)
Jul 8, 2024
ProTip!
Advisories are also available from the
GraphQL API