Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,978
Maven
5,000+
npm
3,698
NuGet
656
pip
3,315
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

971 advisories

Loading
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments Moderate
GHSA-v7x3-7hw7-pcjg was published for renovate (npm) Oct 21, 2019
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users High
CVE-2015-2080 was published for org.eclipse.jetty:jetty-server (Maven) Nov 9, 2018
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Memory Exposure in tunnel-agent Moderate
GHSA-xc7v-wxcw-j472 was published for tunnel-agent (npm) Jun 3, 2019
Memory Exposure in bl Moderate
GHSA-wrw9-m778-g6mc was published for bl (npm) Jun 3, 2019
Sensitive Data Exposure in pem Critical
GHSA-pgcr-7wm4-mcv6 was published for pem (npm) Jun 4, 2019
Memory Exposure in concat-stream Moderate
GHSA-g74r-ffvr-5q9f was published for concat-stream (npm) Jun 3, 2019
Apache NiFi process group information disclosure Moderate
CVE-2019-10083 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Local file disclosure in PHPMailer Moderate
CVE-2017-5223 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service Moderate
CVE-2017-12625 was published for org.apache.hive:hive (Maven) Mar 14, 2019
Github Token Leak in aegir High
CVE-2017-16225 was published for aegir (npm) Jul 24, 2018
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 Moderate
CVE-2015-7940 was published for org.bouncycastle:bcprov-jdk14 (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate
CVE-2017-15713 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Information Exposure on Case Insensitive File Systems in serve Moderate
CVE-2018-3809 was published for serve (npm) Jul 18, 2018
Insecure Default Configuration in airbrake Moderate
CVE-2016-10530 was published for airbrake (npm) Feb 18, 2019
Moderate severity vulnerability that affects org.apache.qpid:proton-j Moderate
CVE-2016-2166 was published for org.apache.qpid:proton-j (Maven) Oct 16, 2018
Apache Ignite communicates to an external PHP server where sensitive information is sent High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018
Moderate severity vulnerability that affects org.apache.mesos:mesos Moderate
CVE-2018-8023 was published for org.apache.mesos:mesos (Maven) Oct 17, 2018
XML External Entity Injection in XStream High
CVE-2016-3674 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
Potentially sensitive data exposure in Symfony Web Socket Bundle Moderate
GHSA-wwgf-3xp7-cxj4 was published for gos/web-socket-bundle (Composer) Jul 7, 2020
phproberto
Moderate severity vulnerability that affects org.apache.storm:storm-core Moderate
CVE-2018-1332 was published for org.apache.storm:storm-core (Maven) Oct 17, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database