Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
Information disclosure vulnerability in OnionShare Moderate
CVE-2021-41867 was published for onionshare-cli (pip) Nov 19, 2021
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3517 was published for nova (pip) May 14, 2022
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3641 was published for cinder (pip) May 17, 2022
OpenStack Object Storage (Swift) Sensitive Data Exposure Moderate
CVE-2015-5223 was published for swift (pip) May 14, 2022
aptdaemon Information Disclosure via Improper Input Validation in Transaction class Moderate
CVE-2020-15703 was published for aptdaemon (pip) May 24, 2022
Mailman Sensitive Information Disclosure Moderate
CVE-2004-0412 was published for mailman (pip) Apr 29, 2022
FTP backend for Duplicity Discloses Passwords to Process Listing Moderate
CVE-2007-5201 was published for duplicity (pip) May 1, 2022
Information disclosure in AccessControl Moderate
CVE-2023-41050 was published for AccessControl (pip) Sep 7, 2023
d-maurer
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users Moderate
CVE-2023-40570 was published for datasette (pip) Aug 22, 2023
Apache Superset vulnerable to Exposure of Sensitive Information Moderate
CVE-2023-30776 was published for apache-superset (pip) Jul 6, 2023
yt-dlp File Downloader cookie leak Moderate
CVE-2023-35934 was published for yt-dlp (pip) Jul 6, 2023
Grub4K bashonly
coletdjnz
Fides Information Disclosure Vulnerability in Config API Endpoint Moderate
CVE-2023-46125 was published for ethyca-fides (pip) Oct 24, 2023
h0wl
Apache Airflow vulnerable to sensitive information exposure Moderate
CVE-2023-42663 was published for apache-airflow (pip) Oct 14, 2023
web2py exposure of sensitive information Moderate
CVE-2016-3954 was published for web2py (pip) May 14, 2022
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-42505 was published for apache-superset (pip) Nov 28, 2023
OpenStack Keystone Logs Passwords Moderate
CVE-2015-3646 was published for keystone (pip) May 13, 2022
User accounts disclosed to unauthenticated actors on the LAN Moderate
CVE-2023-50715 was published for homeassistant (pip) Dec 15, 2023
r01k
Exposure of Sensitive Information in mltable Moderate
CVE-2023-35625 was published for mltable (pip) Dec 12, 2023
Synapse vulnerable to leak of remote user device information Moderate
CVE-2023-43796 was published for matrix-synapse (pip) Oct 31, 2023
NoneBot Potential Information Leak in User-Constructed Message Templates Moderate
CVE-2024-21624 was published for nonebot2 (pip) Feb 9, 2024
mnixry
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only Moderate
CVE-2023-45348 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ
Unintended leak of Proxy-Authorization header in requests Moderate
CVE-2023-32681 was published for requests (pip) May 22, 2023
SmashITs tobiasfunke1
sethmlarson nateprewitt
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database