GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,001
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
95 advisories
Filter by severity
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate
CVE-2018-1334
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2019-10156
was published
for
ansible
(pip)
Jul 31, 2019
Information disclosure in Apache Superset
Moderate
CVE-2020-1932
was published
for
apache-superset
(pip)
Feb 26, 2020
Users can view database names in Apache Superset
Moderate
CVE-2019-12414
was published
for
apache-superset
(pip)
Feb 26, 2020
Users able to query database metadata in Apache Superset
Moderate
CVE-2019-12413
was published
for
apache-superset
(pip)
Feb 26, 2020
CSRF tokens leaked in URL by canned query form
Moderate
GHSA-q6j3-c4wc-63vw
was published
for
datasette
(pip)
Aug 11, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Moderate
CVE-2021-21360
was published
for
Products.GenericSetup
(pip)
Mar 9, 2021
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate
CVE-2020-1753
was published
for
ansible
(pip)
Apr 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
Moderate
CVE-2020-1740
was published
for
ansible
(pip)
Apr 7, 2021
Potential API key leak
Moderate
GHSA-63rq-p8fp-524q
was published
for
sopel-modules.weather
(pip)
Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2020-1746
was published
for
ansible
(pip)
Apr 20, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate
CVE-2021-41125
was published
for
Scrapy
(pip)
Oct 6, 2021
Information disclosure vulnerability in OnionShare
Moderate
CVE-2021-41867
was published
for
onionshare-cli
(pip)
Nov 19, 2021
Comment reply notifications sent to incorrect users
Moderate
CVE-2022-21683
was published
for
wagtail
(pip)
Jan 21, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate
CVE-2022-0577
was published
for
scrapy
(pip)
Mar 1, 2022
Exposure of Sensitive Information to an Unauthorized Actor in httpie
Moderate
CVE-2022-24737
was published
for
httpie
(pip)
Mar 7, 2022
Exposure of Sensitive information in httpie
Moderate
CVE-2022-0430
was published
for
httpie
(pip)
Mar 16, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate
CVE-2021-4180
was published
for
tripleo-heat-templates
(pip)
Mar 24, 2022
OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2011-4076
was published
for
nova
(pip)
Apr 22, 2022
Mailman Sensitive Information Disclosure
Moderate
CVE-2004-0412
was published
for
mailman
(pip)
Apr 29, 2022
FTP backend for Duplicity Discloses Passwords to Process Listing
Moderate
CVE-2007-5201
was published
for
duplicity
(pip)
May 1, 2022
OpenStack Glance logs user name and password in cleartext
Moderate
CVE-2013-0212
was published
for
glance
(pip)
May 5, 2022
Django Data leakage via admin history log
Moderate
CVE-2013-0305
was published
for
Django
(pip)
May 5, 2022
OpenStack Keystone Logs Passwords
Moderate
CVE-2015-3646
was published
for
keystone
(pip)
May 13, 2022
OpenStack Identity Keystone Exposure of Sensitive Information
Moderate
CVE-2014-3621
was published
for
keystone
(pip)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API