Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,468 advisories

Adminer file disclosure vulnerability High
GHSA-97h7-mf38-g9mf was published for vrana/adminer (Composer) Jun 7, 2024
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically... High Unreviewed
CVE-2024-5124 was published Jun 6, 2024
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PORTY Smart Tech... High Unreviewed
CVE-2024-1662 was published Jun 5, 2024
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided... High Unreviewed
CVE-2024-4540 was published Jun 3, 2024
Symfony allows direct access of ESI URLs behind a trusted proxy High
CVE-2014-5245 was published for symfony/http-kernel (Composer) May 30, 2024
Silverstripe CMS information disclosure High
CVE-2020-6164 was published for silverstripe/cms (Composer) May 24, 2022
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects High
GHSA-cg34-w3fm-82h3 was published for scrapy (pip) May 20, 2024 withdrawn
Cluster Monitoring Operator contains a credentials leak High
CVE-2024-1139 was published for github.com/openshift/cluster-monitoring-operator (Go) Apr 25, 2024
Wikimedia information leak vulnerability High
CVE-2019-12474 was published for mediawiki/core (Composer) May 24, 2022
eZ Platform User data disclosure High
GHSA-3g43-xfrw-pv5m was published for ezsystems/repository-forms (Composer) May 15, 2024
eZ Publish Information disclosure in backend content tree menu High
GHSA-cc2j-92jq-wgjg was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Password exposure in H2 Database High
CVE-2022-45868 was published for com.h2database:h2 (Maven) Nov 23, 2022
mrjonstrong pjfanning
OpenStack Nova Live migration can leak root disk into ephemeral storage High
CVE-2013-7130 was published for nova (pip) May 17, 2022
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2016-4985 was published for ironic (pip) May 13, 2022
An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note:... High Unreviewed
CVE-2024-26026 was published May 8, 2024
An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI).  Note:... High Unreviewed
CVE-2024-21793 was published May 8, 2024
Django Information leakage in AuthenticationForm High
CVE-2018-6188 was published for django (pip) Oct 3, 2018
MarkLee131
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR... High Unreviewed
CVE-2024-34388 was published May 6, 2024
Quarkus OIDC can leak both ID and access tokens High
CVE-2023-1584 was published for io.quarkus:quarkus-oidc (Maven) Oct 4, 2023
LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows... High Unreviewed
CVE-2023-40511 was published May 3, 2024
LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows... High Unreviewed
CVE-2023-40510 was published May 3, 2024
D-Link DAP-2622 DDP Get SSID List WPA PSK Information Disclosure Vulnerability. This... High Unreviewed
CVE-2023-35750 was published May 3, 2024
openstack-mistral Discloses the presence of arbitrary files within the filesystem High
CVE-2018-16849 was published for mistral (pip) May 13, 2022
Home Assistant information disclosure vulnerability High
CVE-2018-21019 was published for homeassistant (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API