Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,639 advisories

Loading
Plaintext password leak in Apache Superset High
CVE-2020-13952 was published for apache-superset (pip) Apr 30, 2021
.NET Core Information Disclosure High
CVE-2018-8292 was published for System.Net.Http (NuGet) Apr 21, 2021
ApiKey secret could be revelated on network issue High
CVE-2021-21421 was published for node-etsy-client (npm) Apr 6, 2021
boly38
OMERO.web exposes some unnecessary session information in the page High
CVE-2021-21376 was published for omero-web (pip) Mar 23, 2021
Django Channels leakage of session identifiers using legacy AsgiHandler High
CVE-2020-35681 was published for channels (pip) Mar 19, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager High
CVE-2021-21336 was published for Products.PluggableAuthService (pip) Mar 8, 2021
chutchut
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID High
CVE-2018-10189 was published for mautic/core (Composer) Jan 19, 2021
micschk
Arbitrary File Read in phantom-html-to-pdf High
CVE-2020-7763 was published for phantom-html-to-pdf (npm) Nov 6, 2020
Unauthorized File Access in atompm High
GHSA-v86x-f47q-f7f4 was published for atompm (npm) Sep 11, 2020
Missing Origin Validation in browserify-hmr High
CVE-2018-14730 was published for browserify-hmr (npm) Sep 1, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
XML External Entity Injection in XStream High
CVE-2016-3674 was published for com.thoughtworks.xstream:xstream (Maven) Jun 30, 2020
Information disclosure in SSB-DB High
CVE-2020-4045 was published for ssb-db (npm) Jun 11, 2020
mixmix christianbundy
arj03 staltz cryptix
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Polymorphic deserialization of malicious object in jackson-databind High
CVE-2019-14892 was published for com.fasterxml.jackson.core:jackson-databind (Maven) May 15, 2020
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Improper authentication in Symfony High
CVE-2019-10911 was published for symfony/security (Composer) Feb 12, 2020
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
Rendertron discloses absolute paths of files High
CVE-2017-18355 was published for rendertron (npm) Feb 12, 2019
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users High
CVE-2015-2080 was published for org.eclipse.jetty:jetty-server (Maven) Nov 9, 2018
Missing Origin Validation in parcel-bundler High
CVE-2018-14731 was published for parcel-bundler (npm) Oct 30, 2018
Private Data Disclosure in express-restify-mongoose High
CVE-2016-10533 was published for express-restify-mongoose (npm) Oct 23, 2018
tdunlap607
Jetty vulnerable to exposure of sensitive information due to observable discrepancy High
CVE-2017-9735 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database