GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
32 advisories
Filter by severity
Exposure of Sensitive Information in Hadoop
Critical
CVE-2017-15718
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Critical
CVE-2016-3086
was published
for
org.apache.hadoop:hadoop-yarn-server-nodemanager
(Maven)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Critical
CVE-2017-1000362
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
Exposure of Sensitive Information in Jenkins Core
Critical
CVE-2016-0791
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor
Critical
CVE-2021-32711
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Insecure cookie sharing in Hawtio
Critical
CVE-2017-2589
was published
for
io.hawt:project
(Maven)
May 13, 2022
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Critical
CVE-2023-28444
was published
for
angular-server-side-configuration
(npm)
Mar 24, 2023
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Airbrake keys not being filtered
Critical
CVE-2019-16060
was published
for
airbrake-ruby
(RubyGems)
Sep 11, 2019
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical
GHSA-h24c-6p6p-m3vx
was published
for
github.com/bnb-chain/tss-lib
(Go)
Sep 1, 2023
Anchor CMS Logs Credentials
Critical
CVE-2018-7251
was published
for
anchorcms/anchor-cms
(Composer)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Json response for search reveals Solr credentials
Critical
GHSA-v6xp-ccvx-w52m
was published
for
ibexa/solr
(Composer)
Nov 3, 2023
Json response for search reveals Solr credentials
Critical
GHSA-7crc-r3wg-cfgf
was published
for
ezsystems/ezplatform-solr-search-engine
(Composer)
Nov 3, 2023
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
SQLpage vulnerable to public exposure of database credentials
Critical
CVE-2023-42454
was published
for
sqlpage
(Rust)
Sep 21, 2023
Exposure of Sensitive Information in eventsource
Critical
CVE-2022-1650
was published
for
eventsource
(npm)
May 13, 2022
Openstack Magnum Unsafe Credential Handling
Critical
CVE-2016-7404
was published
for
openstack-magnum
(pip)
May 24, 2022
Cache poisoning in drupal/core
Critical
CVE-2023-5256
was published
for
drupal/core
(Composer)
Sep 28, 2023
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API