GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
Moodle has user information visibility control issues in gradebook reports
Low
CVE-2024-43429
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
Low
CVE-2024-50342
was published
for
symfony/http-client
(Composer)
Nov 6, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Low
CVE-2024-7038
was published
for
open-webui
(pip)
Oct 9, 2024
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Low
GHSA-wpr2-j6gr-pjw9
was published
for
github.com/opentofu/opentofu
(Go)
Oct 3, 2024
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low
CVE-2024-47197
was published
for
org.apache.maven.plugins:maven-archetype-plugin
(Maven)
Sep 26, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low
CVE-2024-40647
was published
for
sentry-sdk
(pip)
Jul 18, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low
GHSA-xr7q-jx4m-x55m
was published
for
google.golang.org/grpc
(Go)
Jul 5, 2024
Exposure of secrets through system log in Jenkins Structs Plugin
Low
CVE-2024-39458
was published
for
org.jenkins-ci.plugins:structs
(Maven)
Jun 26, 2024
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Kimai information disclosure vulnerability
Low
CVE-2024-4596
was published
for
kimai/kimai
(Composer)
May 7, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Low
GHSA-j5vm-7qcc-2wwg
was published
for
github.com/kopia/kopia
(Go)
Apr 10, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Unauthenticated views may expose information to anonymous users
Low
CVE-2024-29199
was published
for
nautobot
(pip)
Mar 26, 2024
In Quarkus, git credentials could be inadvertently published
Low
CVE-2024-1979
was published
for
io.quarkus:quarkus-kubernetes-deployment
(Maven)
Mar 13, 2024
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Low
GHSA-68c2-4mpx-qh95
was published
for
@sentry/react-native
(npm)
Mar 1, 2024
Mattermost race condition
Low
CVE-2024-1949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost incorrectly allows access individual posts
Low
CVE-2024-1952
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Apache Camel data exposure vulnerability
Low
CVE-2024-22371
was published
for
org.apache.camel:camel-core
(Maven)
Feb 26, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low
CVE-2024-24758
was published
for
undici
(npm)
Feb 16, 2024
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
Brute force exploit can be used to collect valid usernames
Low
CVE-2023-49278
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Low
CVE-2023-49274
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Low
CVE-2023-43123
was published
for
org.apache.storm:storm-core
(Maven)
Nov 23, 2023
ProTip!
Advisories are also available from the
GraphQL API