GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
108 advisories
Filter by severity
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Sensitive Data Exposure in loopback
Low
GHSA-724c-6vrf-99rq
was published
for
loopback
(npm)
Sep 2, 2020
Potential sensitive data exposure in applications using Vaadin 15
Low
GHSA-76f4-fw33-6j2v
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
datasette-graphql leaks details of the schema of private database files
Low
GHSA-74hv-qjjq-h7g5
was published
for
datasette-graphql
(pip)
Nov 24, 2020
Information exposure via query strings in URL
Low
GHSA-cq6h-w3mc-57f4
was published
for
shopware/core
(Composer)
Dec 21, 2020
User (Encrypted) Password Field Being Serialised
Low
GHSA-7fjp-g4m7-fx23
was published
for
pwweb/laravel-core
(Composer)
Apr 13, 2021
User enumeration in authentication mechanisms
Low
GHSA-g2qj-pmxm-9f8f
was published
for
symfony/security-http
(Composer)
May 17, 2021
User enumeration in authentication mechanisms
Low
GHSA-2frx-j9hj-6c65
was published
for
lexik/jwt-authentication-bundle
(Composer)
May 17, 2021
rest-client allows local users to obtain sensitive information by reading the log
Low
CVE-2015-3448
was published
for
rest-client
(RubyGems)
Oct 24, 2017
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java
Low
CVE-2017-3589
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
Low
CVE-2014-0085
was published
for
org.jboss.fuse:jboss-fuse
(Maven)
May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
Low
CVE-2017-2651
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Low
CVE-2017-2603
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Low
CVE-2013-2071
was published
for
org.apache.tomcat:tomcat
(Maven)
May 17, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
Jenkins GitHub Pull Request Builder Plugin
Low
CVE-2018-1000143
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
May 14, 2022
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Low
CVE-2018-1000150
was published
for
org.jenkins-ci.plugins:reverse-proxy-auth-plugin
(Maven)
May 14, 2022
Traefik may display authorization header in the debug logs
Low
CVE-2022-23469
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Potential sensitive data exposure in applications using Vaadin 15
Low
CVE-2020-36319
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Exposure of Sensitive Information in Jenkins Datadog plugin
Low
CVE-2017-1000114
was published
for
org.datadog.jenkins.plugins:datadog
(Maven)
May 17, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Low
CVE-2022-31177
was published
for
Flask-AppBuilder
(pip)
Jul 29, 2022
Directory exposure in jetty
Low
CVE-2021-28163
was published
for
org.eclipse.jetty:jetty-deploy
(Maven)
Apr 6, 2021
Insecure temporary file usage in Jenkins Git Client Plugin
Low
CVE-2017-1000242
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API