GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
176 advisories
Phoenix-ws source code and data in extensions folder is publicly available
Severity: High. GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) on Jun 2, 2022.
CSRF tokens leaked in URL by canned query form
Severity: Moderate. GHSA-q6j3-c4wc-63vw was published for datasette (pip) on Aug 11, 2020.
datasette-graphql leaks details of the schema of private database files
Severity: Low. GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) on Nov 24, 2020.
Potential API key leak
Severity: Moderate. GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) on Apr 13, 2021.
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
Severity: High. CVE-2022-25512 was published for FreeTAKServer-UI (pip) on Mar 12, 2022.
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Severity: Moderate. CVE-2021-4180 was published for tripleo-heat-templates (pip) on Mar 24, 2022.
Cookie and header exposure in twisted
Severity: High. CVE-2022-21712 was published for twisted (pip) on Feb 7, 2022.
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager
Severity: Moderate. CVE-2021-21336 was published for Products.PluggableAuthService (pip) on Mar 8, 2021.
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Severity: Low. CVE-2022-31177 was published for Flask-AppBuilder (pip) on Jul 29, 2022.
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Severity: Low. CVE-2021-21360 was published for Products.GenericSetup (pip) on Mar 9, 2021.
OMERO.web exposes some unnecessary session information in the page
Severity: Moderate. CVE-2021-21376 was published for omero-web (pip) on Mar 23, 2021.
Splash authentication credentials potentially leaked to target websites
Severity: High. CVE-2021-41124 was published for scrapy-splash (pip) on Oct 6, 2021.
Information disclosure vulnerability in OnionShare
Severity: Moderate. CVE-2021-41867 was published for onionshare-cli (pip) on Nov 19, 2021.
Comment reply notifications sent to incorrect users
Severity: Low. CVE-2022-21683 was published for wagtail (pip) on Jan 21, 2022.
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
Severity: High. CVE-2015-5271 was published for tripleo-heat-templates (pip) on May 17, 2022.
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Severity: Moderate. CVE-2014-3517 was published for nova (pip) on May 14, 2022.
Exposure of Sensitive Information in Plone
Severity: Moderate. CVE-2012-5508 was published for Plone (pip) on May 17, 2022.
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Severity: Moderate. CVE-2014-3641 was published for cinder (pip) on May 17, 2022.
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
Severity: Moderate. CVE-2015-5163 was published for glance (pip) on May 17, 2022.
Forwarding of confidentials headers to third parties in fluture-node
Severity: Low. CVE-2022-24719 was published for fluture-node (npm) on Mar 1, 2022.
OMERO-web Sensitive Data Exposure
Severity: Moderate. CVE-2020-7932 was published for omero-web (pip) on May 24, 2022.
OpenStack Object Storage (Swift) Sensitive Data Exposure
Severity: Moderate. CVE-2015-5223 was published for swift (pip) on May 14, 2022.
Weblate user account enumeration via reset password form
Severity: Moderate. CVE-2017-5537 was published for weblate (pip) on May 17, 2022.
python-keystoneclient unsecure user password update
Severity: Low. CVE-2013-2013 was published for python-keystoneclient (pip) on May 17, 2022.
ProTip! Advisories are also available from the GraphQL API.