Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,978
Maven
5,000+
npm
3,698
NuGet
656
pip
3,315
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

101 advisories

Loading
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
Roundup sensitive data disclosure vulnerability Moderate
CVE-2014-6276 was published for roundup (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Requests Moderate
CVE-2014-1829 was published for requests (pip) May 17, 2022
sosreport sensitive information disclosure via weak permissions of the generated archives Moderate
CVE-2015-3171 was published for sosreport (pip) May 13, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
Exposure of Sensitive Information to an Unauthorized Actor in Requests Moderate
CVE-2014-1830 was published for requests (pip) May 14, 2022
salt leaks git usernames and passwords to the log Moderate
CVE-2015-6918 was published for salt (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark Moderate
CVE-2018-1334 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup Moderate
CVE-2021-21360 was published for Products.GenericSetup (pip) Mar 9, 2021
chutchut
Plone is vulnerable to information exposure via the object manager implementation Moderate
CVE-2013-4196 was published for plone (pip) May 17, 2022
Plone vulnerable to unauthorized disclosure of site content Moderate
CVE-2016-4042 was published for Plone (pip) May 17, 2022
Plone is vulnerable to File System Path Exposure Moderate
CVE-2013-4194 was published for plone (pip) May 17, 2022
Plone Filesystem path information leak Moderate
CVE-2013-7060 was published for Products.CMFPlone (pip) May 17, 2022
Plone is vulnerable to Information Exposure when generating zip archives Moderate
CVE-2013-4191 was published for plone (pip) May 17, 2022
Exposure of Sensitive Information in Plone Moderate
CVE-2012-5508 was published for Plone (pip) May 17, 2022
Plone User account enumeration via crafted URL Moderate
CVE-2012-5497 was published for plone (pip) May 17, 2022
tdunlap607
Plone Information Disclosure Moderate
CVE-2012-5491 was published for Plone (pip) May 17, 2022
Gradio has several components with post-process steps allow arbitrary file leaks Moderate
CVE-2024-47868 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Plone Metadata Disclosure Moderate
CVE-2012-5492 was published for Plone (pip) May 17, 2022
OMERO-web Sensitive Data Exposure Moderate
CVE-2020-7932 was published for omero-web (pip) May 24, 2022
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd
jwcrypto lacks the Random Filling protection mechanism Moderate
CVE-2016-6298 was published for jwcrypto (pip) May 17, 2022
openstack-heat may disclose sensitive information Moderate
CVE-2024-7319 was published for openstack-heat (pip) Aug 2, 2024
Exposure of Sensitive Information to an Unauthorized Actor in httpie Moderate
CVE-2022-24737 was published for httpie (pip) Mar 7, 2022
Home Assistant vulnerable to account takeover via auth_callback login Moderate
CVE-2023-41893 was published for homeassistant (pip) Oct 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database