GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,426
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+
994 advisories
Filter by severity
fetch: Authorization headers not dropped when redirecting cross-origin
High
CVE-2025-21620
was published
for
deno
(Rust)
Jan 6, 2025
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
High
CVE-2024-56509
was published
for
changedetection.io
(pip)
Dec 27, 2024
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
TunnelVision - decloaking VPNs using DHCP
Moderate
GHSA-hqmp-g7ph-x543
was published
for
quincy
(Rust)
Dec 27, 2024
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
Browsershot Improper Input Validation vulnerability
High
CVE-2024-21549
was published
for
spatie/browsershot
(Composer)
Dec 20, 2024
undertow: information leakage via HTTP/2 request header reuse
High
CVE-2024-4109
was published
for
io.undertow:undertow-core
(Maven)
Dec 12, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Welcome and About GeoServer pages communicate version and revision information
Moderate
CVE-2024-35230
was published
for
org.geoserver.web:gs-web-app
(Maven)
Dec 16, 2024
Mattermost race condition
Low
CVE-2024-1949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
`Cookie` HTTP header isn't stripped on cross-origin redirects
High
CVE-2023-43804
was published
for
urllib3
(pip)
Oct 2, 2023
http4k has a potential XXE (XML External Entity Injection) vulnerability
Critical
CVE-2024-55875
was published
for
org.http4k:http4k-format-xml
(Maven)
Dec 12, 2024
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate
CVE-2024-53859
was published
for
github.com/cli/go-gh
(Go)
Nov 27, 2024
PQClean has a correctness error in HQC decapsulation
High
GHSA-753p-wrj5-g8fj
was published
for
pqcrypto-hqc
(Rust)
Dec 11, 2024
Directus allows unauthenticated access to WebSocket events and operations
High
CVE-2024-54151
was published
for
@directus/api
(npm)
Dec 9, 2024
Firepad allows insecure document access
Low
CVE-2024-51210
was published
for
firepad
(npm)
Dec 4, 2024
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
Low
CVE-2018-1000186
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
May 14, 2022
Modified package published to npm, containing malware that exfiltrates private key material
High
CVE-2024-54134
was published
for
@solana/web3.js
(npm)
Dec 4, 2024
Access to Archived Argo Workflows with Fake Token in `client` mode
Moderate
CVE-2024-53862
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Dec 2, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate
CVE-2024-53858
was published
for
github.com/cli/cli/v2
(Go)
Nov 27, 2024
OpenStack Swift Discloses Secret URLs to Timing Attack
High
CVE-2014-0006
was published
for
swift
(pip)
May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode
Low
CVE-2014-0134
was published
for
nova
(pip)
May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
High
CVE-2015-5163
was published
for
glance
(pip)
May 17, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage
High
CVE-2013-7130
was published
for
nova
(pip)
May 17, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Moderate
CVE-2013-4183
was published
for
cinder
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API