Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

183 advisories

Loading
Django-Anymail prone to a timing attack Critical
CVE-2018-6596 was published for django-anymail (pip) Jul 12, 2018
Django vulnerable to information leakage in AuthenticationForm High
CVE-2018-6188 was published for Django (pip) Oct 3, 2018
MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor in urllib3 Critical
CVE-2018-20060 was published for urllib3 (pip) Dec 12, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark Moderate
CVE-2018-1334 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10156 was published for ansible (pip) Jul 31, 2019
tdunlap607
Information disclosure in Apache Superset Moderate
CVE-2020-1932 was published for apache-superset (pip) Feb 26, 2020
Users can view database names in Apache Superset Moderate
CVE-2019-12414 was published for apache-superset (pip) Feb 26, 2020
Users able to query database metadata in Apache Superset Moderate
CVE-2019-12413 was published for apache-superset (pip) Feb 26, 2020
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
datasette-graphql leaks details of the schema of private database files Low
GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) Nov 24, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager High
CVE-2021-21336 was published for Products.PluggableAuthService (pip) Mar 8, 2021
chutchut
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup Moderate
CVE-2021-21360 was published for Products.GenericSetup (pip) Mar 9, 2021
chutchut
Django Channels leakage of session identifiers using legacy AsgiHandler High
CVE-2020-35681 was published for channels (pip) Mar 19, 2021
OMERO.web exposes some unnecessary session information in the page High
CVE-2021-21376 was published for omero-web (pip) Mar 23, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Ansible Low
CVE-2020-1739 was published for ansible (pip) Apr 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible Moderate
CVE-2020-1740 was published for ansible (pip) Apr 7, 2021
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2020-1746 was published for ansible (pip) Apr 20, 2021
Plaintext password leak in Apache Superset High
CVE-2020-13952 was published for apache-superset (pip) Apr 30, 2021
Exposure of sensitive information to an unauthorized actor in HyperKitty High
CVE-2021-33038 was published for HyperKitty (pip) Jun 1, 2021
westonsteimel
Temporary urls leaked via logging Low
CVE-2017-8761 was published for swift (pip) Jun 8, 2021
Improper authorisation of members discloses room membership to non-members Low
CVE-2021-39164 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner. Low
CVE-2021-39163 was published for matrix-synapse (pip) Sep 1, 2021
0xkasper
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
ProTip! Advisories are also available from the GraphQL API