Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,978
Maven
5,000+
npm
3,698
NuGet
656
pip
3,315
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

106 advisories

Loading
Local API Login Credentials Disclosure in paratrooper-pingdom Low
CVE-2014-1233 was published for paratrooper-pingdom (RubyGems) Oct 24, 2017
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor Low
CVE-2014-1234 was published for paratrooper-newrelic (RubyGems) Oct 24, 2017
rest-client allows local users to obtain sensitive information by reading the log Low
CVE-2015-3448 was published for rest-client (RubyGems) Oct 24, 2017
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive Low
CVE-2018-1284 was published for org.apache.hive:hive (Maven) Nov 21, 2018
MarkLee131
Information disclosure of source code in SimpleSAMLphp Low
CVE-2020-5301 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2020
slawn
Sensitive Data Exposure in loopback Low
GHSA-724c-6vrf-99rq was published for loopback (npm) Sep 2, 2020
Sensitive Data Exposure in put Low
GHSA-v6gv-fg46-h89j was published for put (npm) Sep 3, 2020
datasette-graphql leaks details of the schema of private database files Low
GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) Nov 24, 2020
Information exposure via query strings in URL Low
GHSA-cq6h-w3mc-57f4 was published for shopware/core (Composer) Dec 21, 2020
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
joshbressers
Directory exposure in jetty Low
CVE-2021-28163 was published for org.eclipse.jetty:jetty-deploy (Maven) Apr 6, 2021
svarovski
Exposure of Sensitive Information to an Unauthorized Actor in Ansible Low
CVE-2020-1739 was published for ansible (pip) Apr 7, 2021
User (Encrypted) Password Field Being Serialised Low
GHSA-7fjp-g4m7-fx23 was published for pwweb/laravel-core (Composer) Apr 13, 2021
Potential sensitive data exposure in applications using Vaadin 15 Low
GHSA-76f4-fw33-6j2v was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
knoobie
Potential sensitive data exposure in applications using Vaadin 15 Low
CVE-2020-36319 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
knoobie
User enumeration in authentication mechanisms Low
GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) May 17, 2021
mbrodala chalasr
User enumeration in authentication mechanisms Low
GHSA-g2qj-pmxm-9f8f was published for symfony/security-http (Composer) May 17, 2021
Temporary urls leaked via logging Low
CVE-2017-8761 was published for swift (pip) Jun 8, 2021
File exposure in pleaser Low
CVE-2021-31153 was published for pleaser (Rust) Aug 25, 2021
another-rex
Improper authorisation of members discloses room membership to non-members Low
CVE-2021-39164 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. Low
CVE-2021-39163 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
Comment reply notifications sent to incorrect users Low
CVE-2022-21683 was published for wagtail (pip) Jan 21, 2022
dest81
Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Exposure of Sensitive information in httpie Low
CVE-2022-0430 was published for httpie (pip) Mar 16, 2022
Twig Sandbox Information Disclosure Low
CVE-2019-9942 was published for twig/twig (Composer) Mar 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database