GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
8,469 advisories
Filter by severity
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
Moderate
CVE-2019-13237
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Moderate
GHSA-v7x3-7hw7-pcjg
was published
for
renovate
(npm)
Oct 21, 2019
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
Moderate
CVE-2019-10667
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Airbrake keys not being filtered
Critical
CVE-2019-16060
was published
for
airbrake-ruby
(RubyGems)
Sep 11, 2019
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2019-10156
was published
for
ansible
(pip)
Jul 31, 2019
Improper Neutralization of Wildcards or Matching Symbols
Moderate
CVE-2019-3802
was published
for
org.springframework.data:spring-data-jpa
(Maven)
Jun 4, 2019
Memory Exposure in concat-stream
Moderate
GHSA-g74r-ffvr-5q9f
was published
for
concat-stream
(npm)
Jun 3, 2019
Memory Exposure in tunnel-agent
Moderate
GHSA-xc7v-wxcw-j472
was published
for
tunnel-agent
(npm)
Jun 3, 2019
Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA
Moderate
CVE-2019-3797
was published
for
org.springframework.data:spring-data-jpa
(Maven)
May 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
Moderate
CVE-2019-3868
was published
for
org.keycloak:keycloak-core
(Maven)
Apr 30, 2019
Information Exposure vulnerability in Eclipse Jetty
Moderate
CVE-2019-10246
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 23, 2019
Installation information leak in Eclipse Jetty
Moderate
CVE-2019-10247
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Apr 23, 2019
Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2019-0746
was published
for
Microsoft.ChakraCore
(NuGet)
Apr 9, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Moderate
CVE-2018-1334
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Moderate
CVE-2018-8024
was published
for
org.apache.spark:spark-core_2.10
(Maven)
Mar 14, 2019
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Moderate
CVE-2017-12625
was published
for
org.apache.hive:hive
(Maven)
Mar 14, 2019
Insecure Default Configuration in airbrake
Moderate
CVE-2016-10530
was published
for
airbrake
(npm)
Feb 18, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
High
CVE-2018-1296
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Feb 12, 2019
Rendertron discloses absolute paths of files
High
CVE-2017-18355
was published
for
rendertron
(npm)
Feb 12, 2019
Exposure of Sensitive Information in Hadoop
Critical
CVE-2017-15718
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-15713
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
ProTip!
Advisories are also available from the
GraphQL API