GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
169 advisories
Filter by severity
OpenStack Nova host data leak to vm instance in rescue mode
Low
CVE-2014-0134
was published
for
nova
(pip)
May 17, 2022
Plone Filesystem path information leak
Moderate
CVE-2013-7060
was published
for
plone
(pip)
May 17, 2022
Plone User account enumeration via crafted URL
Moderate
CVE-2012-5497
was published
for
plone
(pip)
May 17, 2022
Exposure of Sensitive Information in Plone
Moderate
CVE-2012-5508
was published
for
Plone
(pip)
May 17, 2022
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2014-3641
was published
for
cinder
(pip)
May 17, 2022
django-markupfield Arbitrary File Read
Moderate
CVE-2015-0846
was published
for
django-markupfield
(pip)
May 17, 2022
ceph-deploy uses world-readable permissions on client.admin key
Low
CVE-2015-4053
was published
for
ceph-deploy
(pip)
May 17, 2022
Roundup sensitive data disclosure vulnerability
Moderate
CVE-2014-6276
was published
for
roundup
(pip)
May 17, 2022
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
High
CVE-2015-5271
was published
for
tripleo-heat-templates
(pip)
May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Requests
Moderate
CVE-2014-1829
was published
for
requests
(pip)
May 17, 2022
Tryton allows users to read the hashed password
Moderate
CVE-2016-1241
was published
for
trytond
(pip)
May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
Moderate
CVE-2015-5163
was published
for
glance
(pip)
May 17, 2022
jwcrypto lacks the Random Filling protection mechanism
Moderate
CVE-2016-6298
was published
for
jwcrypto
(pip)
May 17, 2022
ceph-deploy allows local users to obtain sensitive information by reading the file
Low
CVE-2015-3010
was published
for
ceph-deploy
(pip)
May 17, 2022
Django settings leak in date template filter
Moderate
CVE-2015-8213
was published
for
django
(pip)
May 17, 2022
OpenStack Cinder file disclosure in image convert
Moderate
CVE-2015-1851
was published
for
cinder
(pip)
May 17, 2022
Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter
Moderate
CVE-2016-1242
was published
for
trytond
(pip)
May 17, 2022
Plone vulnerable to unauthorized disclosure of site content
Moderate
CVE-2016-4042
was published
for
Plone
(pip)
May 17, 2022
Salt uses weak permissions on the cache data
Low
CVE-2015-8034
was published
for
salt
(pip)
May 17, 2022
Weblate user account enumeration via reset password form
Moderate
CVE-2017-5537
was published
for
weblate
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API