GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,107
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,659
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
237 advisories
Filter by severity
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
High
CVE-2024-46987
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388
was published
for
github.com/spectolabs/hoverfly
(Go)
Sep 3, 2024
Tina search token leak via lock file in TinaCMS
High
CVE-2024-45391
was published
for
@tinacms/cli
(npm)
Sep 3, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information
High
CVE-2024-39676
was published
for
org.apache.pinot:pinot-controller
(Maven)
Jul 24, 2024
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
Directus Allows Single Sign-On User Enumeration
High
CVE-2024-39896
was published
for
directus
(npm)
Jul 8, 2024
Cilium leaks sensitive information in cilium-bugtool
High
CVE-2024-37307
was published
for
github.com/cilium/cilium
(Go)
Jun 13, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
High
CVE-2024-4540
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 10, 2024
Adminer file disclosure vulnerability
High
GHSA-97h7-mf38-g9mf
was published
for
vrana/adminer
(Composer)
Jun 7, 2024
Jupyter server on Windows discloses Windows user password hash
High
CVE-2024-35178
was published
for
jupyter_server
(pip)
Jun 6, 2024
Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
High
GHSA-4vrx-8phj-x3mg
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 3, 2024
•
withdrawn
Symfony allows direct access of ESI URLs behind a trusted proxy
High
CVE-2014-5245
was published
for
symfony/http-kernel
(Composer)
May 30, 2024
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects
High
GHSA-cg34-w3fm-82h3
was published
for
scrapy
(pip)
May 20, 2024
•
withdrawn
eZ Platform User data disclosure
High
GHSA-3g43-xfrw-pv5m
was published
for
ezsystems/repository-forms
(Composer)
May 15, 2024
eZ Publish Information disclosure in backend content tree menu
High
GHSA-cc2j-92jq-wgjg
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Cluster Monitoring Operator contains a credentials leak
High
CVE-2024-1139
was published
for
github.com/openshift/cluster-monitoring-operator
(Go)
Apr 25, 2024
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect
High
GHSA-4q82-j5c2-g2c5
was published
for
scrapy
(pip)
Apr 16, 2024
•
withdrawn
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
High
CVE-2024-28235
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Insecure Variable Substitution in Vela
High
CVE-2024-28236
was published
for
github.com/go-vela/worker
(Go)
Mar 14, 2024
CasaOS-UserService allows unauthorized access to any file
High
CVE-2024-24765
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
Scrapy authorization header leakage on cross-domain redirect
High
CVE-2024-3574
was published
for
scrapy
(pip)
Feb 15, 2024
TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
High
CVE-2024-25121
was published
for
typo3/cms-core
(Composer)
Feb 13, 2024
Liferay Portal vulnerable to user impersonation
High
CVE-2024-25148
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
ProTip!
Advisories are also available from the
GraphQL API