GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+
278 advisories
Filter by severity
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-gqcf-83rq-gpfr
was published
for
ibexa/post-install
(Composer)
Sep 14, 2021
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress
High
CVE-2021-32770
was published
for
gatsby-source-wordpress
(npm)
Jul 19, 2021
Private files publicly accessible with Cloud Storage providers
High
GHSA-vrf2-xghr-j52v
was published
for
shopware/core
(Composer)
Jun 28, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2021-25122
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 16, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
High
CVE-2021-20259
was published
for
foreman_fog_proxmox
(RubyGems)
Jun 10, 2021
Exposure of sensitive information to an unauthorized actor in HyperKitty
High
CVE-2021-33038
was published
for
HyperKitty
(pip)
Jun 1, 2021
Lookup function information discolosure in helm
High
CVE-2020-11013
was published
for
helm.sh/helm/v3
(Go)
May 27, 2021
Private Field data leak
High
CVE-2021-32624
was published
for
@keystonejs/keystone
(npm)
May 27, 2021
Potential memory exposure in dns-packet
High
CVE-2021-23386
was published
for
dns-packet
(npm)
May 24, 2021
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
Insecure template handling in Squirrelly
High
CVE-2021-32819
was published
for
squirrelly
(npm)
May 17, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
High
CVE-2020-11976
was published
for
org.apache.wicket:wicket-core
(Maven)
May 7, 2021
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
High
CVE-2021-22885
was published
for
actionpack
(RubyGems)
May 5, 2021
Plaintext password leak in Apache Superset
High
CVE-2020-13952
was published
for
apache-superset
(pip)
Apr 30, 2021
.NET Core Information Disclosure
High
CVE-2018-8292
was published
for
System.Net.Http
(NuGet)
Apr 21, 2021
ApiKey secret could be revelated on network issue
High
CVE-2021-21421
was published
for
node-etsy-client
(npm)
Apr 6, 2021
OMERO.web exposes some unnecessary session information in the page
High
CVE-2021-21376
was published
for
omero-web
(pip)
Mar 23, 2021
Django Channels leakage of session identifiers using legacy AsgiHandler
High
CVE-2020-35681
was published
for
channels
(pip)
Mar 19, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager
High
CVE-2021-21336
was published
for
Products.PluggableAuthService
(pip)
Mar 8, 2021
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
High
CVE-2018-10189
was published
for
mautic/core
(Composer)
Jan 19, 2021
Arbitrary File Read in phantom-html-to-pdf
High
CVE-2020-7763
was published
for
phantom-html-to-pdf
(npm)
Nov 6, 2020
Unauthorized File Access in atompm
High
GHSA-v86x-f47q-f7f4
was published
for
atompm
(npm)
Sep 11, 2020
Missing Origin Validation in browserify-hmr
High
CVE-2018-14730
was published
for
browserify-hmr
(npm)
Sep 1, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API