Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

70 advisories

Loading
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Moderate
CVE-2020-10744 was published for ansible (pip) Feb 9, 2022
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Moderate
CVE-2020-10685 was published for ansible (pip) Apr 7, 2021
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File Moderate
CVE-2020-1733 was published for ansible (pip) Apr 20, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Apache Airflow vulnerable to privilege escalation Moderate
CVE-2023-42792 was published for apache-airflow (pip) Oct 14, 2023
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
Moodle Insecure direct object reference (IDOR) in a calendar web service Moderate
CVE-2021-43560 was published for moodle/moodle (Composer) May 24, 2022
Unauthenticated Sensitive Information Disclosure vulnerability Moderate
CVE-2022-34867 was published for libreform/libreform (Composer) Sep 7, 2022
Dolibarr Stored Cross-site Scripting Moderate
CVE-2020-13240 was published for dolibarr/dolibarr (Composer) May 24, 2022
Moodle No groups filtering in H5P activity attempts report Moderate
CVE-2022-40316 was published for moodle/moodle (Composer) Oct 1, 2022
Moodle Unauthorized searching of arbitrary blogs by typing full url Moderate
CVE-2017-7490 was published for moodle/moodle (Composer) May 13, 2022
JetPack Exposure of Resource to Wrong Sphere Moderate
CVE-2021-24374 was published for automattic/jetpack (Composer) May 24, 2022
Moodle may display roles to users who don't have access to them Moderate
CVE-2023-1402 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle may allow teachers to access the names of users they could not otherwise access Moderate
CVE-2023-28336 was published for moodle/moodle (Composer) Mar 23, 2023
IPv6 enabled on IPv4-only network interfaces Moderate
CVE-2024-32473 was published for github.com/docker/docker (Go) Apr 18, 2024
robmry corhere
gabriellavengeo akerouanton
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2022-41946 was published for org.postgresql:postgresql (Maven) Nov 23, 2022
JLLeitschuh vlsi
containerd environment variable leak Moderate
CVE-2021-21334 was published for github.com/containerd/containerd (Go) Jan 31, 2024
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability Moderate
GHSA-g47j-3m2m-74qv was published for httparty (RubyGems) Jan 4, 2024 withdrawn
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere Moderate
CVE-2023-48291 was published for apache-airflow (pip) Dec 21, 2023
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Jenkins JIRA Plugin allows users to select and use credentials with System scope Moderate
CVE-2019-16541 was published for org.jenkins-ci.plugins:jira (Maven) May 24, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-5545 was published for moodle/moodle (Composer) Nov 9, 2023
ProTip! Advisories are also available from the GraphQL API