Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

53 advisories

Loading
Django vulnerable to information leakage in AuthenticationForm High
CVE-2018-6188 was published for Django (pip) Oct 3, 2018
MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager High
CVE-2021-21336 was published for Products.PluggableAuthService (pip) Mar 8, 2021
chutchut
Django Channels leakage of session identifiers using legacy AsgiHandler High
CVE-2020-35681 was published for channels (pip) Mar 19, 2021
OMERO.web exposes some unnecessary session information in the page High
CVE-2021-21376 was published for omero-web (pip) Mar 23, 2021
Plaintext password leak in Apache Superset High
CVE-2020-13952 was published for apache-superset (pip) Apr 30, 2021
Exposure of sensitive information to an unauthorized actor in HyperKitty High
CVE-2021-33038 was published for HyperKitty (pip) Jun 1, 2021
westonsteimel
Splash authentication credentials potentially leaked to target websites High
CVE-2021-41124 was published for scrapy-splash (pip) Oct 6, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible High
CVE-2019-10217 was published for ansible (pip) Oct 12, 2021
Unsafe handling of user-specified cookies in treq High
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
Cookie and header exposure in twisted High
CVE-2022-21712 was published for Twisted (pip) Feb 7, 2022
ranjit-git alex
twm
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
MotionEye allows attackers to access sensitive information High
CVE-2022-25568 was published for motioneye (pip) Mar 25, 2022
Trac reStructuredText breach of privacy and denial of service vulnerability High
CVE-2006-3695 was published for trac (pip) May 1, 2022
Paramiko Unsafe randomness usage may allow access to sensitive information High
CVE-2008-0299 was published for paramiko (pip) May 1, 2022
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set High
CVE-2010-0667 was published for moin (pip) May 2, 2022
anonymous4ACL24
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2016-4985 was published for ironic (pip) May 13, 2022
Ansible sensitive information disclosure High
CVE-2018-16876 was published for ansible (pip) May 13, 2022
RhodeCode and Kallithea are vulnerable to sensitive information disclosure High
CVE-2015-0260 was published for Kallithea (pip) May 13, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem High
CVE-2018-16849 was published for mistral (pip) May 13, 2022
keycloak-httpd-client-install Insecure Secrets High
CVE-2017-15112 was published for keycloak-httpd-client-install (pip) May 14, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage High
CVE-2013-7130 was published for nova (pip) May 17, 2022
txAWS AWSServiceEndpoint defaults to not verifying server certificates High
CVE-2017-1000007 was published for txaws (pip) May 17, 2022
SaltStack Salt Information Exposure High
CVE-2017-8109 was published for salt (pip) May 17, 2022
Django Reuses Cached CSRF Token High
CVE-2014-0473 was published for Django (pip) May 17, 2022
MarkLee131
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers High
CVE-2015-5271 was published for tripleo-heat-templates (pip) May 17, 2022
ProTip! Advisories are also available from the GraphQL API