GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
High
CVE-2024-32498
was published
for
cinder
(pip)
Jul 5, 2024
Jupyter server on Windows discloses Windows user password hash
High
CVE-2024-35178
was published
for
jupyter_server
(pip)
Jun 6, 2024
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects
High
GHSA-cg34-w3fm-82h3
was published
for
scrapy
(pip)
May 20, 2024
•
withdrawn
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect
High
GHSA-4q82-j5c2-g2c5
was published
for
scrapy
(pip)
Apr 16, 2024
•
withdrawn
Scrapy authorization header leakage on cross-domain redirect
High
CVE-2024-3574
was published
for
scrapy
(pip)
Feb 15, 2024
JupyterLab vulnerable to potential authentication and CSRF tokens leak
High
CVE-2024-22421
was published
for
jupyterlab
(pip)
Jan 19, 2024
Apache DolphinScheduler sensitive information disclosure
High
CVE-2023-48796
was published
for
apache-dolphinscheduler
(Maven)
Nov 24, 2023
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
High
CVE-2023-47117
was published
for
label-studio
(pip)
Nov 14, 2023
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2023-42781
was published
for
apache-airflow
(pip)
Nov 12, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
`Cookie` HTTP header isn't stripped on cross-origin redirects
High
CVE-2023-43804
was published
for
urllib3
(pip)
Oct 2, 2023
OpenStack Heat information leak vulnerability
High
CVE-2023-1625
was published
for
openstack-heat
(pip)
Sep 24, 2023
Apache Airflow information exposure vulnerability
High
CVE-2023-40712
was published
for
apache-airflow
(pip)
Sep 12, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
Apache Airflow Execution with Unnecessary Privileges
High
CVE-2023-39508
was published
for
apache-airflow
(pip)
Aug 5, 2023
Apache Airflow information disclosure vulnerability
High
CVE-2022-46651
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow vulnerable to exposure of sensitive information
High
CVE-2023-35005
was published
for
apache-airflow
(pip)
Jun 19, 2023
Synapse does not apply enough checks to servers requesting auth events of events in a room
High
CVE-2022-39335
was published
for
matrix-synapse
(pip)
May 24, 2023
Apache Airflow subject to Exposure of Sensitive Information
High
CVE-2022-27949
was published
for
apache-airflow
(pip)
Nov 14, 2022
Phoenix-ws source code and data in extensions folder is publicly available
High
GHSA-c8f7-x2g7-7fxj
was published
for
phoenix-ws
(pip)
Jun 2, 2022
Ansible Exposes Sensitive Information
High
CVE-2021-20228
was published
for
ansible
(pip)
May 25, 2022
Home Assistant information disclosure vulnerability
High
CVE-2018-21019
was published
for
homeassistant
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API