Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

233 advisories

Loading
Moodle uses predictable password-recovery tokens High
CVE-2015-5267 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2016-4985 was published for ironic (pip) May 13, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Apache Tomcat allows remote attackers to read JSP source files High
CVE-2005-4836 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat Source Code Disclosure High
CVE-2002-1394 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
JBoss AS may expose root content if excluded-contexts list is mismatched High
CVE-2012-1094 was published for org.jboss.as:jboss-as-server (Maven) Apr 23, 2022
Information Exposure in Apache Tapestry High
CVE-2021-30638 was published for org.apache.tapestry:tapestry-core (Maven) Mar 18, 2022
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI High
CVE-2022-25512 was published for FreeTAKServer-UI (pip) Mar 12, 2022
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin High
CVE-2022-0813 was published for phpmyadmin/phpmyadmin (Composer) Mar 11, 2022
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
containerd CRI plugin: Insecure handling of image volumes High
CVE-2022-23648 was published for github.com/containerd/containerd (Go) Mar 2, 2022
felixwilhelm
Cookie exposure in requestretry High
CVE-2022-0654 was published for requestretry (npm) Feb 24, 2022
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Puma used with Rails may lead to Information Exposure High
CVE-2022-23634 was published for puma (RubyGems) Feb 11, 2022
byroot
Exposure of information in Action Pack High
CVE-2022-23633 was published for actionpack (RubyGems) Feb 11, 2022
byroot
Insecure template handling in Express-handlebars High
CVE-2021-32820 was published for express-handlebars (npm) Feb 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Concord High
CVE-2020-10591 was published for com.walmartlabs.concord.docker:concord-common (Maven) Feb 10, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat High
CVE-2020-17527 was published for org.apache.tomcat:tomcat-coyote (Maven) Feb 9, 2022
sunSUNQ
Cookie and header exposure in twisted High
CVE-2022-21712 was published for twisted (pip) Feb 7, 2022
ranjit-git alex
twm
Path traversal and dereference of symlinks in Argo CD High
CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022
Exposure of Sensitive Information in simple-get High
CVE-2022-0355 was published for simple-get (npm) Jan 28, 2022
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
kurt-r2c
Exposure of Sensitive Information to an Unauthorized Actor in microweber High
CVE-2022-0281 was published for microweber/microweber (Composer) Jan 21, 2022
Insertion of Sensitive Information into Log File in Apache NiFi High
CVE-2020-1942 was published for org.apache.nifi:nifi-framework-core (Maven) Jan 6, 2022
Opencast publishes global system account credentials High
CVE-2018-16153 was published for org.opencastproject:opencast-common (Maven) Dec 14, 2021
gregorydlogan lkiesow
smarquard
ProTip! Advisories are also available from the GraphQL API