GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
101 advisories
CSRF tokens leaked in URL by canned query form
Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Potential API key leak
Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
Information disclosure vulnerability in OnionShare
Moderate
CVE-2021-41867 was published for onionshare-cli (pip) Nov 19, 2021
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3517 was published for nova (pip) May 14, 2022
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3641 was published for cinder (pip) May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
Moderate
CVE-2015-5163 was published for glance (pip) May 17, 2022
OpenStack Object Storage (Swift) Sensitive Data Exposure
Moderate
CVE-2015-5223 was published for swift (pip) May 14, 2022
Weblate user account enumeration via reset password form
Moderate
CVE-2017-5537 was published for weblate (pip) May 17, 2022
aptdaemon Information Disclosure via Improper Input Validation in Transaction class
Moderate
CVE-2020-15703 was published for aptdaemon (pip) May 24, 2022
OpenStack Swift Discloses Secret URLs to Timing Attack
Moderate
CVE-2014-0006 was published for swift (pip) May 17, 2022
Mailman Sensitive Information Disclosure
Moderate
CVE-2004-0412 was published for mailman (pip) Apr 29, 2022
FTP backend for Duplicity Discloses Passwords to Process Listing
Moderate
CVE-2007-5201 was published for duplicity (pip) May 1, 2022
`Cookie` HTTP header isn't stripped on cross-origin redirects
Moderate
CVE-2023-43804 was published for urllib3 (pip) Oct 2, 2023
Authorization Header forwarded on redirect
Moderate
CVE-2018-25091 was published for urllib3 (pip) Oct 15, 2023
Information disclosure in AccessControl
Moderate
CVE-2023-41050 was published for AccessControl (pip) Sep 7, 2023
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Moderate
CVE-2023-45803 was published for urllib3 (pip) Oct 17, 2023
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Moderate
CVE-2023-40570 was published for datasette (pip) Aug 22, 2023
Apache Superset vulnerable to Exposure of Sensitive Information
Moderate
CVE-2023-30776 was published for apache-superset (pip) Jul 6, 2023
yt-dlp File Downloader cookie leak
Moderate
CVE-2023-35934 was published for yt-dlp (pip) Jul 6, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint
Moderate
CVE-2023-46125 was published for ethyca-fides (pip) Oct 24, 2023
Apache Airflow vulnerable to sensitive information exposure
Moderate
CVE-2023-42663 was published for apache-airflow (pip) Oct 14, 2023
web2py exposure of sensitive information
Moderate
CVE-2016-3954 was published for web2py (pip) May 14, 2022
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-42505 was published for apache-superset (pip) Nov 28, 2023
Clear Text Credentials Exposed via Onboarding Task
Moderate
CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023