GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
575 advisories
Filter by severity
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Moderate
GHSA-v7x3-7hw7-pcjg
was published
for
renovate
(npm)
Oct 21, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Memory Exposure in concat-stream
Moderate
GHSA-g74r-ffvr-5q9f
was published
for
concat-stream
(npm)
Jun 3, 2019
Apache NiFi process group information disclosure
Moderate
CVE-2019-10083
was published
for
org.apache.nifi:nifi
(Maven)
Dec 2, 2019
Local file disclosure in PHPMailer
Moderate
CVE-2017-5223
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Moderate
CVE-2017-12625
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Moderate
CVE-2015-7940
was published
for
org.bouncycastle:bcprov-jdk14
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-15713
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Information Exposure on Case Insensitive File Systems in serve
Moderate
CVE-2018-3809
was published
for
serve
(npm)
Jul 18, 2018
Insecure Default Configuration in airbrake
Moderate
CVE-2016-10530
was published
for
airbrake
(npm)
Feb 18, 2019
Moderate severity vulnerability that affects org.apache.qpid:proton-j
Moderate
CVE-2016-2166
was published
for
org.apache.qpid:proton-j
(Maven)
Oct 16, 2018
Moderate severity vulnerability that affects org.apache.mesos:mesos
Moderate
CVE-2018-8023
was published
for
org.apache.mesos:mesos
(Maven)
Oct 17, 2018
Potentially sensitive data exposure in Symfony Web Socket Bundle
Moderate
GHSA-wwgf-3xp7-cxj4
was published
for
gos/web-socket-bundle
(Composer)
Jul 7, 2020
Moderate severity vulnerability that affects org.apache.storm:storm-core
Moderate
CVE-2018-1332
was published
for
org.apache.storm:storm-core
(Maven)
Oct 17, 2018
CSRF tokens leaked in URL by canned query form
Moderate
GHSA-q6j3-c4wc-63vw
was published
for
datasette
(pip)
Aug 11, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Moderate
CVE-2018-8024
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Information Exposure in RunC
Moderate
CVE-2016-9962
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Potential API key leak
Moderate
GHSA-63rq-p8fp-524q
was published
for
sopel-modules.weather
(pip)
Apr 13, 2021
Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2019-0746
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Ignition config accessible to unprivileged software on VMware
Moderate
CVE-2022-1706
was published
for
github.com/coreos/ignition
(Go)
May 25, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Moderate
CVE-2013-7224
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information
Moderate
CVE-2013-7249
was published
for
fat_free_crm
(RubyGems)
May 17, 2022
rack-mini-profiler allows remote attackers to obtain sensitive information about allocated strings and objects
Moderate
CVE-2016-4442
was published
for
rack-mini-profiler
(RubyGems)
Oct 24, 2017
Authlogic Information Exposure vulnerability
Moderate
CVE-2012-6497
was published
for
authlogic
(RubyGems)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API