GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
908 advisories
Filter by severity
Information disclosure in podman
Moderate
CVE-2020-14370
was published
for
github.com/containers/podman/v2
(Go)
Apr 24, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Moderate
CVE-2024-31869
was published
for
apache-airflow
(pip)
Apr 18, 2024
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect
High
GHSA-4q82-j5c2-g2c5
was published
for
scrapy
(pip)
Apr 16, 2024
•
withdrawn
phin may include sensitive headers in subsequent requests after redirect
Moderate
GHSA-x565-32qp-m3vf
was published
for
phin
(npm)
Apr 11, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Low
GHSA-j5vm-7qcc-2wwg
was published
for
github.com/kopia/kopia
(Go)
Apr 10, 2024
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
Moderate
CVE-2024-31464
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
Minder GetRepositoryByName data leak
Moderate
CVE-2024-31455
was published
for
github.com/stacklok/minder
(Go)
Apr 9, 2024
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
High
CVE-2024-28235
was published
for
contao/core-bundle
(Composer)
Apr 9, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Vite's `server.fs.deny` did not deny requests for patterns with directories.
Moderate
CVE-2024-31207
was published
for
vite
(npm)
Apr 3, 2024
Eclipse Vert.x memory leak
Moderate
CVE-2024-1023
was published
for
io.vertx:vertx-core
(Maven)
Mar 27, 2024
Pimcore Preview Documents are not restricted to logged in users anymore
Moderate
CVE-2024-29197
was published
for
pimcore/pimcore
(Composer)
Mar 26, 2024
Unauthenticated views may expose information to anonymous users
Low
CVE-2024-29199
was published
for
nautobot
(pip)
Mar 26, 2024
Storefront user can access history and most viewed data from matching back-office user with the same ID
Moderate
CVE-2023-48296
was published
for
oro/customer-portal
(Composer)
Mar 25, 2024
Pinned entity creation form shows wrong data
Moderate
CVE-2023-45824
was published
for
oro/platform
(Composer)
Mar 25, 2024
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Moderate
CVE-2024-23944
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Mar 15, 2024
Insecure Variable Substitution in Vela
High
CVE-2024-28236
was published
for
github.com/go-vela/worker
(Go)
Mar 14, 2024
follow-redirects' Proxy-Authorization header kept across hosts
Moderate
CVE-2024-28849
was published
for
follow-redirects
(npm)
Mar 14, 2024
In Quarkus, git credentials could be inadvertently published
Low
CVE-2024-1979
was published
for
io.quarkus:quarkus-kubernetes-deployment
(Maven)
Mar 13, 2024
CasaOS-UserService allows unauthorized access to any file
High
CVE-2024-24765
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
Helm shows secrets in clear text
Moderate
CVE-2019-25210
was published
for
helm.sh/helm/v3
(Go)
Mar 3, 2024
Directus version number disclosure
Moderate
CVE-2024-27296
was published
for
directus
(npm)
Mar 1, 2024
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Low
GHSA-68c2-4mpx-qh95
was published
for
@sentry/react-native
(npm)
Mar 1, 2024
ProTip!
Advisories are also available from the
GraphQL API