GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,135 advisories
Filter by severity
Open Redirect in Flask-Security-Too
Low
CVE-2021-32618
was published
for
Flask-Security-Too
(pip)
May 17, 2021
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Low
CVE-2023-34110
was published
for
Flask-AppBuilder
(pip)
Jun 22, 2023
CoreDNS Cache Poisoning via a birthday attack
Low
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Low
CVE-2024-46989
was published
for
github.com/authzed/spicedb
(Go)
Sep 18, 2024
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Low
CVE-2024-47058
was published
for
mautic/core
(Composer)
Sep 18, 2024
Apache Druid: Users can provide MySQL JDBC properties not on allow list
Low
CVE-2024-45537
was published
for
org.apache.druid:druid
(Maven)
Sep 17, 2024
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Low
CVE-2024-45384
was published
for
org.apache.druid.extensions:druid-pac4j
(Maven)
Sep 17, 2024
Infinispan caches credentials in clear text
Low
CVE-2023-5384
was published
for
org.infinispan:infinispan-cachestore-jdbc
(Maven)
Dec 28, 2023
Potential sensitive information disclosed in error reports
Low
CVE-2021-21416
was published
for
django-registration
(pip)
Apr 6, 2021
Timing attack on django-basic-auth-ip-whitelist
Low
CVE-2020-4071
was published
for
django-basic-auth-ip-whitelist
(pip)
Jun 23, 2020
Mattermost Desktop App fails to sufficiently configure Electron Fuses
Low
CVE-2024-45835
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
Mattermost Desktop App fails to safeguard screen capture functionality
Low
CVE-2024-39772
was published
for
mattermost-desktop
(npm)
Sep 16, 2024
lexical-core has multiple soundness issues
Low
GHSA-2326-pfpj-vx3h
was published
for
lexical-core
(Rust)
Sep 16, 2024
Multiple soundness issues in lexical
Low
GHSA-c2hm-mjxv-89r4
was published
for
lexical
(Rust)
Sep 4, 2023
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Low
CVE-2024-22194
was published
for
case-utils
(pip)
Jan 11, 2024
changedetection.io API endpoint is not secured with API token
Low
CVE-2024-23329
was published
for
changedetection.io
(pip)
Jan 23, 2024
Cloudtoken Insufficiently Protects Credentials
Low
CVE-2018-13390
was published
for
cloudtoken
(pip)
May 13, 2022
Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column
Low
CVE-2020-7734
was published
for
cabot
(pip)
May 24, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file
Low
CVE-2015-3010
was published
for
ceph-deploy
(pip)
May 17, 2022
Apache Airflow logs passwords in plaintext
Low
CVE-2020-17511
was published
for
apache-airflow
(pip)
Dec 17, 2020
Incorrect Permission Assignment for Critical Resource in Ansible
Low
CVE-2020-1736
was published
for
ansible
(pip)
Feb 9, 2022
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Low
GHSA-58qw-p7qm-5rvh
was published
for
org.eclipse.jetty:jetty-xml
(Maven)
Jul 10, 2023
Jetty's OpenId Revoked authentication allows one request
Low
CVE-2023-41900
was published
for
org.eclipse.jetty:jetty-openid
(Maven)
Sep 15, 2023
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials
Low
GHSA-gmrm-8fx4-66x7
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 18, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API