GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
169 advisories
Filter by severity
Synapse vulnerable to leak of remote user device information
Moderate
CVE-2023-43796
was published
for
matrix-synapse
(pip)
Oct 31, 2023
Home Assistant vulnerable to account takeover via auth_callback login
Moderate
CVE-2023-41893
was published
for
homeassistant
(pip)
Oct 26, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint
Moderate
CVE-2023-46125
was published
for
ethyca-fides
(pip)
Oct 24, 2023
Apache Airflow vulnerable to Exposure of Sensitive Information
Moderate
CVE-2023-46288
was published
for
apache-airflow
(pip)
Oct 23, 2023
Wagtail vulnerable to disclosure of user names via admin bulk action views
Low
CVE-2023-45809
was published
for
wagtail
(pip)
Oct 19, 2023
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Moderate
CVE-2023-45803
was published
for
urllib3
(pip)
Oct 17, 2023
vantage6 does not properly delete linked resources when deleting a collaboration
Low
CVE-2023-41881
was published
for
vantage6
(pip)
Oct 16, 2023
Authorization Header forwarded on redirect
Moderate
CVE-2018-25091
was published
for
urllib3
(pip)
Oct 15, 2023
Apache Airflow vulnerable to sensitive information exposure
Moderate
CVE-2023-42663
was published
for
apache-airflow
(pip)
Oct 14, 2023
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Moderate
CVE-2023-45348
was published
for
apache-airflow
(pip)
Oct 14, 2023
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Moderate
CVE-2023-42780
was published
for
apache-airflow
(pip)
Oct 14, 2023
`Cookie` HTTP header isn't stripped on cross-origin redirects
Moderate
CVE-2023-43804
was published
for
urllib3
(pip)
Oct 2, 2023
OpenStack Heat information leak vulnerability
High
CVE-2023-1625
was published
for
openstack-heat
(pip)
Sep 24, 2023
Apache Airflow information exposure vulnerability
Moderate
CVE-2023-40712
was published
for
apache-airflow
(pip)
Sep 12, 2023
Information disclosure in AccessControl
Moderate
CVE-2023-41050
was published
for
AccessControl
(pip)
Sep 7, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Moderate
CVE-2023-40570
was published
for
datasette
(pip)
Aug 22, 2023
Apache Airflow Execution with Unnecessary Privileges
High
CVE-2023-39508
was published
for
apache-airflow
(pip)
Aug 5, 2023
Apache Airflow information disclosure vulnerability
Moderate
CVE-2022-46651
was published
for
apache-airflow
(pip)
Jul 12, 2023
yt-dlp File Downloader cookie leak
Moderate
CVE-2023-35934
was published
for
yt-dlp
(pip)
Jul 6, 2023
Apache Superset vulnerable to Exposure of Sensitive Information
Moderate
CVE-2023-30776
was published
for
apache-superset
(pip)
Jul 6, 2023
Apache Airflow vulnerable to exposure of sensitive information
Moderate
CVE-2023-35005
was published
for
apache-airflow
(pip)
Jun 19, 2023
Synapse does not apply enough checks to servers requesting auth events of events in a room
Moderate
CVE-2022-39335
was published
for
matrix-synapse
(pip)
May 24, 2023
Unintended leak of Proxy-Authorization header in requests
Moderate
CVE-2023-32681
was published
for
requests
(pip)
May 22, 2023
ProTip!
Advisories are also available from the
GraphQL API