GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
94 advisories
Filter by severity
CSRF tokens leaked in URL by canned query form
Moderate
GHSA-q6j3-c4wc-63vw
was published
for
datasette
(pip)
Aug 11, 2020
Potential API key leak
Moderate
GHSA-63rq-p8fp-524q
was published
for
sopel-modules.weather
(pip)
Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate
CVE-2021-4180
was published
for
tripleo-heat-templates
(pip)
Mar 24, 2022
Information disclosure vulnerability in OnionShare
Moderate
CVE-2021-41867
was published
for
onionshare-cli
(pip)
Nov 19, 2021
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3517
was published
for
nova
(pip)
May 14, 2022
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3641
was published
for
cinder
(pip)
May 17, 2022
OpenStack Object Storage (Swift) Sensitive Data Exposure
Moderate
CVE-2015-5223
was published
for
swift
(pip)
May 14, 2022
aptdaemon Information Disclosure via Improper Input Validation in Transaction class
Moderate
CVE-2020-15703
was published
for
aptdaemon
(pip)
May 24, 2022
Mailman Sensitive Information Disclosure
Moderate
CVE-2004-0412
was published
for
mailman
(pip)
Apr 29, 2022
FTP backend for Duplicity Discloses Passwords to Process Listing
Moderate
CVE-2007-5201
was published
for
duplicity
(pip)
May 1, 2022
Information disclosure in AccessControl
Moderate
CVE-2023-41050
was published
for
AccessControl
(pip)
Sep 7, 2023
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Moderate
CVE-2023-40570
was published
for
datasette
(pip)
Aug 22, 2023
Apache Superset vulnerable to Exposure of Sensitive Information
Moderate
CVE-2023-30776
was published
for
apache-superset
(pip)
Jul 6, 2023
yt-dlp File Downloader cookie leak
Moderate
CVE-2023-35934
was published
for
yt-dlp
(pip)
Jul 6, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint
Moderate
CVE-2023-46125
was published
for
ethyca-fides
(pip)
Oct 24, 2023
Apache Airflow vulnerable to sensitive information exposure
Moderate
CVE-2023-42663
was published
for
apache-airflow
(pip)
Oct 14, 2023
web2py exposure of sensitive information
Moderate
CVE-2016-3954
was published
for
web2py
(pip)
May 14, 2022
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-42505
was published
for
apache-superset
(pip)
Nov 28, 2023
OpenStack Keystone Logs Passwords
Moderate
CVE-2015-3646
was published
for
keystone
(pip)
May 13, 2022
User accounts disclosed to unauthenticated actors on the LAN
Moderate
CVE-2023-50715
was published
for
homeassistant
(pip)
Dec 15, 2023
Exposure of Sensitive Information in mltable
Moderate
CVE-2023-35625
was published
for
mltable
(pip)
Dec 12, 2023
Synapse vulnerable to leak of remote user device information
Moderate
CVE-2023-43796
was published
for
matrix-synapse
(pip)
Oct 31, 2023
NoneBot Potential Information Leak in User-Constructed Message Templates
Moderate
CVE-2024-21624
was published
for
nonebot2
(pip)
Feb 9, 2024
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Moderate
CVE-2023-45348
was published
for
apache-airflow
(pip)
Oct 14, 2023
Unintended leak of Proxy-Authorization header in requests
Moderate
CVE-2023-32681
was published
for
requests
(pip)
May 22, 2023
ProTip!
Advisories are also available from the
GraphQL API