GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,468 advisories
Filter by severity
Adminer file disclosure vulnerability
High
GHSA-97h7-mf38-g9mf
was published
for
vrana/adminer
(Composer)
Jun 7, 2024
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically...
High
Unreviewed
CVE-2024-5124
was published
Jun 6, 2024
Jupyter server on Windows discloses Windows user password hash
High
CVE-2024-35178
was published
for
jupyter_server
(pip)
Jun 6, 2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech...
High
Unreviewed
CVE-2024-1662
was published
Jun 5, 2024
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided...
High
Unreviewed
CVE-2024-4540
was published
Jun 3, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy
High
CVE-2014-5245
was published
for
symfony/http-kernel
(Composer)
May 30, 2024
Silverstripe CMS information disclosure
High
CVE-2020-6164
was published
for
silverstripe/cms
(Composer)
May 24, 2022
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects
High
GHSA-cg34-w3fm-82h3
was published
for
scrapy
(pip)
May 20, 2024
•
withdrawn
Cluster Monitoring Operator contains a credentials leak
High
CVE-2024-1139
was published
for
github.com/openshift/cluster-monitoring-operator
(Go)
Apr 25, 2024
Wikimedia information leak vulnerability
High
CVE-2019-12474
was published
for
mediawiki/core
(Composer)
May 24, 2022
eZ Platform User data disclosure
High
GHSA-3g43-xfrw-pv5m
was published
for
ezsystems/repository-forms
(Composer)
May 15, 2024
eZ Publish Information disclosure in backend content tree menu
High
GHSA-cc2j-92jq-wgjg
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Password exposure in H2 Database
High
CVE-2022-45868
was published
for
com.h2database:h2
(Maven)
Nov 23, 2022
OpenStack Nova Live migration can leak root disk into ephemeral storage
High
CVE-2013-7130
was published
for
nova
(pip)
May 17, 2022
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2016-4985
was published
for
ironic
(pip)
May 13, 2022
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note:...
High
Unreviewed
CVE-2024-26026
was published
May 8, 2024
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note:...
High
Unreviewed
CVE-2024-21793
was published
May 8, 2024
Django Information leakage in AuthenticationForm
High
CVE-2018-6188
was published
for
django
(pip)
Oct 3, 2018
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR...
High
Unreviewed
CVE-2024-34388
was published
May 6, 2024
Quarkus OIDC can leak both ID and access tokens
High
CVE-2023-1584
was published
for
io.quarkus:quarkus-oidc
(Maven)
Oct 4, 2023
LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows...
High
Unreviewed
CVE-2023-40511
was published
May 3, 2024
LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows...
High
Unreviewed
CVE-2023-40510
was published
May 3, 2024
D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability. This...
High
Unreviewed
CVE-2023-35750
was published
May 3, 2024
openstack-mistral Discloses the presence of arbitrary files within the filesystem
High
CVE-2018-16849
was published
for
mistral
(pip)
May 13, 2022
Home Assistant information disclosure vulnerability
High
CVE-2018-21019
was published
for
homeassistant
(pip)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API