
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

9,593 advisories

TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2020-15250 was published for junit:junit (Maven) Oct 12, 2020
JLLeitschuh
Arbitrary File Read in phantom-html-to-pdf High
CVE-2020-7763 was published for phantom-html-to-pdf (npm) Nov 6, 2020
datasette-graphql leaks details of the schema of private database files Low
GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) Nov 24, 2020
Information exposure via query strings in URL Low
GHSA-cq6h-w3mc-57f4 was published for shopware/core (Composer) Dec 21, 2020
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID High
CVE-2018-10189 was published for mautic/core (Composer) Jan 19, 2021
micschk
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager High
CVE-2021-21336 was published for Products.PluggableAuthService (pip) Mar 8, 2021
chutchut
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup Moderate
CVE-2021-21360 was published for Products.GenericSetup (pip) Mar 9, 2021
chutchut
Generated Code Contains Local Information Disclosure Vulnerability Moderate
CVE-2021-21364 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021
JLLeitschuh
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Django Channels leakage of session identifiers using legacy AsgiHandler High
CVE-2020-35681 was published for channels (pip) Mar 19, 2021
OMERO.web exposes some unnecessary session information in the page High
CVE-2021-21376 was published for omero-web (pip) Mar 23, 2021
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
joshbressers
Moodle allowed some users without permission to view other users' full names Moderate
CVE-2021-20281 was published for moodle/moodle (Composer) Mar 29, 2021
ApiKey secret could be revelated on network issue High
CVE-2021-21421 was published for node-etsy-client (npm) Apr 6, 2021
boly38
Authorization Before Parsing and Canonicalization in jetty Moderate
CVE-2021-28164 was published for org.eclipse.jetty:jetty-webapp (Maven) Apr 6, 2021
charlesk40
Directory exposure in jetty Low
CVE-2021-28163 was published for org.eclipse.jetty:jetty-deploy (Maven) Apr 6, 2021
svarovski
Exposure of Sensitive Information to an Unauthorized Actor in Ansible Low
CVE-2020-1739 was published for ansible (pip) Apr 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible Moderate
CVE-2020-1740 was published for ansible (pip) Apr 7, 2021
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
User (Encrypted) Password Field Being Serialised Low
GHSA-7fjp-g4m7-fx23 was published for pwweb/laravel-core (Composer) Apr 13, 2021
Potential sensitive data exposure in applications using Vaadin 15 Low
GHSA-76f4-fw33-6j2v was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
knoobie
Potential sensitive data exposure in applications using Vaadin 15 Low
CVE-2020-36319 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
knoobie
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2020-1746 was published for ansible (pip) Apr 20, 2021