GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
233 advisories
Filter by severity
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
High
CVE-2020-1940
was published
for
org.apache.jackrabbit:oak-core
(Maven)
Dec 10, 2021
Unrestricted access to predictable file paths in hov/jobfair
High
CVE-2021-43564
was published
for
hov/jobfair
(Composer)
Nov 15, 2021
Splash authentication credentials potentially leaked to target websites
High
CVE-2021-41124
was published
for
scrapy-splash
(pip)
Oct 6, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
High
CVE-2021-41120
was published
for
sylius/paypal-plugin
(Composer)
Oct 6, 2021
LiveQuery publishes user session tokens in parse-server
High
CVE-2021-41109
was published
for
parse-server
(npm)
Sep 30, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario
High
CVE-2021-40690
was published
for
org.apache.santuario:xmlsec
(Maven)
Sep 20, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-2rh5-jvgx-pgw3
was published
for
ezsystems/ezplatform
(Composer)
Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known
High
GHSA-gqcf-83rq-gpfr
was published
for
ibexa/post-install
(Composer)
Sep 14, 2021
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress
High
CVE-2021-32770
was published
for
gatsby-source-wordpress
(npm)
Jul 19, 2021
Private files publicly accessible with Cloud Storage providers
High
GHSA-vrf2-xghr-j52v
was published
for
shopware/core
(Composer)
Jun 28, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
High
CVE-2021-25122
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 16, 2021
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
High
CVE-2021-20259
was published
for
foreman_fog_proxmox
(RubyGems)
Jun 10, 2021
Exposure of sensitive information to an unauthorized actor in HyperKitty
High
CVE-2021-33038
was published
for
HyperKitty
(pip)
Jun 1, 2021
Lookup function information discolosure in helm
High
CVE-2020-11013
was published
for
helm.sh/helm/v3
(Go)
May 27, 2021
Private Field data leak
High
CVE-2021-32624
was published
for
@keystonejs/keystone
(npm)
May 27, 2021
Potential memory exposure in dns-packet
High
CVE-2021-23386
was published
for
dns-packet
(npm)
May 24, 2021
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
Insecure template handling in Squirrelly
High
CVE-2021-32819
was published
for
squirrelly
(npm)
May 17, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
High
CVE-2020-11976
was published
for
org.apache.wicket:wicket-core
(Maven)
May 7, 2021
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
High
CVE-2021-22885
was published
for
actionpack
(RubyGems)
May 5, 2021
Plaintext password leak in Apache Superset
High
CVE-2020-13952
was published
for
apache-superset
(pip)
Apr 30, 2021
.NET Core Information Disclosure
High
CVE-2018-8292
was published
for
System.Net.Http
(NuGet)
Apr 21, 2021
ApiKey secret could be revelated on network issue
High
CVE-2021-21421
was published
for
node-etsy-client
(npm)
Apr 6, 2021
Django Channels leakage of session identifiers using legacy AsgiHandler
High
CVE-2020-35681
was published
for
channels
(pip)
Mar 19, 2021
ProTip!
Advisories are also available from the
GraphQL API