GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,941
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,049
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
908 advisories
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem. Severity: High. CVE-2024-23331 was published for vite (npm) on Jan 19, 2024.
JupyterLab vulnerable to potential authentication and CSRF tokens leak. Severity: High. CVE-2024-22421 was published for jupyterlab (pip) on Jan 19, 2024.
Apache Solr allows read access to host environment variables. Severity: Moderate. CVE-2023-50290 was published for org.apache.solr:solr-core (Maven) on Jan 15, 2024.
@backstage/backend-app-api leaks GitLab access tokens. Severity: High. CVE-2023-6944 was published for @backstage/backend-app-api (npm) on Jan 4, 2024.
CubeFS leaks magic secret key when starting Blobstore access service. Severity: Moderate. CVE-2023-46741 was published for github.com/cubefs/cubefs (Go) on Jan 3, 2024.
Mattermost notified all users in the channel when using WebSockets to respond individually. Severity: Moderate. CVE-2023-48732 was published for github.com/mattermost/mattermost-server/v6 (Go) on Jan 2, 2024.
Solr search discloses email addresses of users. Severity: Moderate. CVE-2023-50720 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) on Dec 16, 2023.
Solr search discloses password hashes of all users. Severity: High. CVE-2023-50719 was published for org.xwiki.platform:xwiki-platform-search-solr-api (Maven) on Dec 16, 2023.
Potential CSV export data leak. Severity: High. CVE-2023-50448 was published for activeadmin (RubyGems) on Dec 15, 2023.
User accounts disclosed to unauthenticated actors on the LAN. Severity: Moderate. CVE-2023-50715 was published for homeassistant (pip) on Dec 15, 2023.
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Severity: Critical. CVE-2023-6572 was published for gradio (pip) on Dec 14, 2023.
Displayed in plain text by Dingding JSON Pusher Plugin. Severity: Moderate. CVE-2023-50773 was published for com.zintow:dingding-json-pusher (Maven) on Dec 13, 2023.
Unauthenticated db-file-storage views. Severity: Low. CVE-2023-50263 was published for nautobot (pip) on Dec 13, 2023.
Brute force exploit can be used to collect valid usernames. Severity: Low. CVE-2023-49278 was published for Umbraco.CMS (NuGet) on Dec 13, 2023.
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email. Severity: Low. CVE-2023-49274 was published for Umbraco.CMS (NuGet) on Dec 13, 2023.
Exposure of Sensitive Information in mltable. Severity: Moderate. CVE-2023-35625 was published for mltable (pip) on Dec 12, 2023.
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method. Severity: High. CVE-2023-48122 was published for microweber/microweber (Composer) on Dec 8, 2023.
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor. Severity: Moderate. CVE-2023-6393 was published for io.quarkus:quarkus-cache (Maven) on Dec 6, 2023.
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Severity: Moderate. CVE-2023-6459 was published for github.com/mattermost/mattermost-server/v6 (Go) on Dec 6, 2023.
github.com/ecies/go vulnerable to possible private key restoration. Severity: High. CVE-2023-49292 was published for github.com/ecies/go/v2 (Go) on Dec 5, 2023.
Test code in published microsoft-graph-beta package exposes phpinfo(). Severity: Moderate. GHSA-7mc6-x925-7qvx was published for microsoft/microsoft-graph-beta (Composer) on Dec 5, 2023.
Test code in published microsoft-graph-core package exposes phpinfo(). Severity: Moderate. CVE-2023-49283 was published for microsoft/microsoft-graph-core (Composer) on Dec 5, 2023.
Test code in published microsoft-graph package exposes phpinfo(). Severity: Moderate. CVE-2023-49282 was published for microsoft/microsoft-graph (Composer) on Dec 5, 2023.
Environment variables still accessible through /proc. Severity: Moderate. GHSA-wj7f-468m-6mv8 was published for birdcage (Rust) on Dec 1, 2023.
ProTip! Advisories are also available from the GraphQL API.