GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
980 advisories
OpenStack Swift Discloses Secret URLs to Timing Attack
High
CVE-2014-0006 was published for swift (pip) May 17, 2022

OpenStack Nova host data leak to vm instance in rescue mode
Low
CVE-2014-0134 was published for nova (pip) May 17, 2022

OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
High
CVE-2015-5163 was published for glance (pip) May 17, 2022

OpenStack Nova Live migration can leak root disk into ephemeral storage
High
CVE-2013-7130 was published for nova (pip) May 17, 2022

OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Moderate
CVE-2013-4183 was published for cinder (pip) May 17, 2022

Cookie and header exposure in twisted
High
CVE-2022-21712 was published for Twisted (pip) Feb 7, 2022

Rancher Helm Applications may have sensitive values leaked
Moderate
CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024

github.com/rancher/steve's users can issue watch commands for arbitrary resources
High
CVE-2024-52280 was published for github.com/rancher/steve (Go) Nov 20, 2024

MotionEye allows attackers to access sensitive information
High
CVE-2022-25568 was published for motioneye (pip) Mar 25, 2022

OpenStack Glance logs user name and password in cleartext
Moderate
CVE-2013-0212 was published for glance (pip) May 5, 2022

Apache Ignite communicates to an external PHP server where sensitive information is sent
High
CVE-2017-7686 was published for org.apache.ignite:ignite-core (Maven) Oct 16, 2018

Tryton allows users to read the hashed password
Moderate
CVE-2016-1241 was published for trytond (pip) May 17, 2022

Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter
Moderate
CVE-2016-1242 was published for trytond (pip) May 17, 2022

Unauthenticated db-file-storage views
Low
CVE-2023-50263 was published for nautobot (pip) Dec 13, 2023

Clear Text Credentials Exposed via Onboarding Task
Moderate
CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023

OpenStack Nova Information leak in libvirt LVM-backed instances
Moderate
CVE-2012-5625 was published for nova (pip) May 17, 2022

Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
High
CVE-2023-47117 was published for label-studio (pip) Nov 14, 2023

Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023

OpenStack Keystone Sensitive information disclosure via log files
Low
CVE-2013-2006 was published for keystone (pip) May 17, 2022

DIRAC's TokenManager does not check permissions on cached tokens
Critical
CVE-2024-24825 was published for DIRAC (pip) Feb 8, 2024

Apache DolphinScheduler sensitive information disclosure
High
CVE-2023-48796 was published for apache-dolphinscheduler (Maven) Nov 24, 2023

gnark's Groth16 commitment extension unsound for more than one commitment
Moderate
CVE-2024-45039 was published for github.com/consensys/gnark (Go) Sep 6, 2024

Graylog concurrent PDF report rendering can leak other users' reports
High
CVE-2024-52506 was published for org.graylog:graylog-parent (Maven) Nov 18, 2024

Weblate user account enumeration via reset password form
Moderate
CVE-2017-5537 was published for weblate (pip) May 17, 2022

Comment reply notifications sent to incorrect users
Moderate
CVE-2022-21683 was published for wagtail (pip) Jan 21, 2022
ProTip! Advisories are also available from the GraphQL API