GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
28 advisories
Filter by severity
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Low
CVE-2024-7038
was published
for
open-webui
(pip)
Oct 9, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low
CVE-2024-40647
was published
for
sentry-sdk
(pip)
Jul 18, 2024
Unauthenticated views may expose information to anonymous users
Low
CVE-2024-29199
was published
for
nautobot
(pip)
Mar 26, 2024
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
Wagtail vulnerable to disclosure of user names via admin bulk action views
Low
CVE-2023-45809
was published
for
wagtail
(pip)
Oct 19, 2023
vantage6 does not properly delete linked resources when deleting a collaboration
Low
CVE-2023-41881
was published
for
vantage6
(pip)
Oct 16, 2023
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Low
CVE-2022-31177
was published
for
Flask-AppBuilder
(pip)
Jul 29, 2022
OpenStack Nova can leak consoleauth token into log files
Low
CVE-2015-9543
was published
for
Nova
(pip)
May 24, 2022
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Low
CVE-2013-4183
was published
for
cinder
(pip)
May 17, 2022
OpenStack Keystone Sensitive information disclosure via log files
Low
CVE-2013-2006
was published
for
keystone
(pip)
May 17, 2022
OpenStack Nova host data leak to vm instance in rescue mode
Low
CVE-2014-0134
was published
for
nova
(pip)
May 17, 2022
ceph-deploy uses world-readable permissions on client.admin key
Low
CVE-2015-4053
was published
for
ceph-deploy
(pip)
May 17, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file
Low
CVE-2015-3010
was published
for
ceph-deploy
(pip)
May 17, 2022
Salt uses weak permissions on the cache data
Low
CVE-2015-8034
was published
for
salt
(pip)
May 17, 2022
OpenStack Glance is vulnerable to Exposure of Sensitive Information
Low
CVE-2013-1840
was published
for
glance
(pip)
May 17, 2022
python-keystoneclient unsecure user password update
Low
CVE-2013-2013
was published
for
python-keystoneclient
(pip)
May 17, 2022
OpenStack Heat template URL information leakage
Low
CVE-2014-3801
was published
for
openstack-heat
(pip)
May 14, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node
Low
CVE-2013-6480
was published
for
apache-libcloud
(pip)
May 14, 2022
OpenStack Oslo utility sensitive information exposure via log files
Low
CVE-2014-7231
was published
for
oslo.utils
(pip)
May 14, 2022
Openstack nova qcow format could expose host filesystem information
Low
CVE-2011-3147
was published
for
nova
(pip)
Apr 22, 2022
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Low
CVE-2021-39163
was published
for
matrix-synapse
(pip)
Sep 1, 2021
Improper authorisation of members discloses room membership to non-members
Low
CVE-2021-39164
was published
for
matrix-synapse
(pip)
Sep 1, 2021
ProTip!
Advisories are also available from the
GraphQL API