GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
574 advisories
Filter by severity
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Moderate
CVE-2013-4183
was published
for
cinder
(pip)
May 17, 2022
Rancher Helm Applications may have sensitive values leaked
Moderate
CVE-2024-52282
was published
for
github.com/rancher/rancher
(Go)
Nov 20, 2024
OpenStack Glance logs user name and password in cleartext
Moderate
CVE-2013-0212
was published
for
glance
(pip)
May 5, 2022
Tryton allows users to read the hashed password
Moderate
CVE-2016-1241
was published
for
trytond
(pip)
May 17, 2022
Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter
Moderate
CVE-2016-1242
was published
for
trytond
(pip)
May 17, 2022
Clear Text Credentials Exposed via Onboarding Task
Moderate
CVE-2023-48700
was published
for
nautobot-device-onboarding
(pip)
Nov 21, 2023
OpenStack Nova Information leak in libvirt LVM-backed instances
Moderate
CVE-2012-5625
was published
for
nova
(pip)
May 17, 2022
gnark's Groth16 commitment extension unsound for more than one commitment
Moderate
CVE-2024-45039
was published
for
github.com/consensys/gnark
(Go)
Sep 6, 2024
Weblate user account enumeration via reset password form
Moderate
CVE-2017-5537
was published
for
weblate
(pip)
May 17, 2022
Comment reply notifications sent to incorrect users
Moderate
CVE-2022-21683
was published
for
wagtail
(pip)
Jan 21, 2022
Authorization Header forwarded on redirect
Moderate
CVE-2018-25091
was published
for
urllib3
(pip)
Oct 15, 2023
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Moderate
CVE-2023-45803
was published
for
urllib3
(pip)
Oct 17, 2023
Hwameistor Potential Permission Leakage of Cluster Level
Moderate
CVE-2024-45054
was published
for
github.com/hwameistor/hwameistor
(Go)
Aug 29, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Moderate
CVE-2024-39919
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
Exposure of Sensitive information in httpie
Moderate
CVE-2022-0430
was published
for
httpie
(pip)
Mar 16, 2022
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Moderate
CVE-2024-23944
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Mar 15, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Moderate
CVE-2024-47805
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Oct 2, 2024
Moodle IDOR when accessing list of badge recipients
Moderate
CVE-2024-48900
was published
for
moodle/moodle
(Composer)
Nov 13, 2024
Gradio vulnerable to arbitrary file read with File and UploadButton components
Moderate
CVE-2024-51751
was published
for
gradio
(pip)
Nov 6, 2024
img_auth.php may leak private extension images into the public cache
Moderate
CVE-2020-15005
was published
for
mediawiki/core
(Composer)
May 24, 2022
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
Moderate
CVE-2024-23445
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jun 12, 2024
HTML Purifier allows remote attackers to obtain sensitive information
Moderate
CVE-2011-3744
was published
for
ezyang/htmlpurifier
(Composer)
May 17, 2022
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Moderate
CVE-2022-23504
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate
CVE-2021-41125
was published
for
Scrapy
(pip)
Oct 6, 2021
Roundup sensitive data disclosure vulnerability
Moderate
CVE-2014-6276
was published
for
roundup
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API