Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
Sensitive Data Exposure in pem Critical
GHSA-pgcr-7wm4-mcv6 was published for pem (npm) Jun 4, 2019
Exposure of Sensitive Information in Hadoop Critical
CVE-2017-15718 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Insecure Permissions in Gogs Critical
CVE-2019-14544 was published for gogs.io/gogs (Go) May 18, 2021
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop Critical
CVE-2016-3086 was published for org.apache.hadoop:hadoop-yarn-server-nodemanager (Maven) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Critical
CVE-2017-1000362 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
stefanprodan
Exposure of Sensitive Information in Jenkins Core Critical
CVE-2016-0791 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor Critical
CVE-2021-32711 was published for shopware/platform (Composer) Sep 8, 2021
Insecure cookie sharing in Hawtio Critical
CVE-2017-2589 was published for io.hawt:project (Maven) May 13, 2022
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend Critical
CVE-2023-28444 was published for angular-server-side-configuration (npm) Mar 24, 2023
milo526
Improper access control allows admin privilege escalation in Argo CD Critical
CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
Airbrake keys not being filtered Critical
CVE-2019-16060 was published for airbrake-ruby (RubyGems) Sep 11, 2019
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code Critical
CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022
joernchen bobcallaway
haydentherapper
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli Critical
GHSA-h24c-6p6p-m3vx was published for github.com/bnb-chain/tss-lib (Go) Sep 1, 2023
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
Anchor CMS Logs Credentials Critical
CVE-2018-7251 was published for anchorcms/anchor-cms (Composer) May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in AEgir Critical
CVE-2020-11059 was published for aegir (npm) May 27, 2020
tdunlap607
Json response for search reveals Solr credentials Critical
GHSA-v6xp-ccvx-w52m was published for ibexa/solr (Composer) Nov 3, 2023
Json response for search reveals Solr credentials Critical
GHSA-7crc-r3wg-cfgf was published for ezsystems/ezplatform-solr-search-engine (Composer) Nov 3, 2023
Argo CD cluster secret might leak in cluster details page Critical
CVE-2023-40029 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
alexmt
SQLpage vulnerable to public exposure of database credentials Critical
CVE-2023-42454 was published for sqlpage (Rust) Sep 21, 2023
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023
alex-elttam Robbilie
Exposure of Sensitive Information in eventsource Critical
CVE-2022-1650 was published for eventsource (npm) May 13, 2022
macwier veloek
dlannoye
Openstack Magnum Unsafe Credential Handling Critical
CVE-2016-7404 was published for openstack-magnum (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API