Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

584 advisories

Loading
Moodle allowed some users without permission to view other users' full names Moderate
CVE-2021-20281 was published for moodle/moodle (Composer) Mar 29, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Generated Code Contains Local Information Disclosure Vulnerability Moderate
CVE-2021-21364 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021
JLLeitschuh
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup Moderate
CVE-2021-21360 was published for Products.GenericSetup (pip) Mar 9, 2021
chutchut
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2020-15250 was published for junit:junit (Maven) Oct 12, 2020
JLLeitschuh
Sensitive Data Exposure in Apache Ant Moderate
CVE-2020-1945 was published for org.apache.ant:ant (Maven) Sep 14, 2020
Tracking Module in botbait Moderate
CVE-2017-16126 was published for botbait (npm) Sep 1, 2020
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Potentially sensitive data exposure in Symfony Web Socket Bundle Moderate
GHSA-wwgf-3xp7-cxj4 was published for gos/web-socket-bundle (Composer) Jul 7, 2020
phproberto
Http request which redirect to another hostname do not strip authorization header in @actions/http-client Moderate
CVE-2020-11021 was published for @actions/http-client (npm) Apr 29, 2020
IDOR can reveal execution data and logs to unauthorized user in Rundeck Moderate
CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak Moderate
CVE-2019-14820 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
Local file disclosure in PHPMailer Moderate
CVE-2017-5223 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Users able to query database metadata in Apache Superset Moderate
CVE-2019-12413 was published for apache-superset (pip) Feb 26, 2020
Users can view database names in Apache Superset Moderate
CVE-2019-12414 was published for apache-superset (pip) Feb 26, 2020
Information disclosure in Apache Superset Moderate
CVE-2020-1932 was published for apache-superset (pip) Feb 26, 2020
Ability to expose data in Sylius by using an unintended serialisation group Moderate
CVE-2020-5220 was published for sylius/resource-bundle (Composer) Jan 31, 2020
Apache NiFi process group information disclosure Moderate
CVE-2019-10083 was published for org.apache.nifi:nifi (Maven) Dec 2, 2019
User enumeration leak using switch user functionality in Symfony Moderate
CVE-2019-18886 was published for symfony/security-http (Composer) Dec 2, 2019
SilverStripe Versioned Files module Unpublished files are exposed publicly Moderate
CVE-2019-16409 was published for silverstripe/framework (Composer) Nov 12, 2019
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms Moderate
CVE-2019-13237 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments Moderate
GHSA-v7x3-7hw7-pcjg was published for renovate (npm) Oct 21, 2019
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS Moderate
CVE-2019-10667 was published for librenms/librenms (Composer) Oct 11, 2019
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10156 was published for ansible (pip) Jul 31, 2019
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database