GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,626
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
877 advisories
Filter by severity
Data Leakage Vulnerability in livewire/livewire
Moderate
GHSA-qwvp-268g-jjm8
was published
for
livewire/livewire
(Composer)
May 15, 2024
Read private customer data reclaiming carts in Klaviyo Magento
Moderate
GHSA-hvgw-gg3p-295j
was published
for
klaviyo/magento2-extension
(Composer)
May 15, 2024
eZ Platform User data disclosure
High
GHSA-3g43-xfrw-pv5m
was published
for
ezsystems/repository-forms
(Composer)
May 15, 2024
eZ Publish Information disclosure in backend content tree menu
High
GHSA-cc2j-92jq-wgjg
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
eZ Platform REST API returns list of all SiteAccesses
Moderate
GHSA-9wwx-c723-vm8x
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 15, 2024
endroid/qr-code-bundle File Disclosure via logo_path query parameter
Moderate
GHSA-mvf6-3f2g-xfxf
was published
for
endroid/qr-code-bundle
(Composer)
May 15, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate
CVE-2022-39201
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Anonymous PrestaShop customer can download other customers' invoices
Moderate
CVE-2024-34717
was published
for
prestashop/prestashop
(Composer)
May 14, 2024
Scrapy leaks the authorization header on same-domain but cross-origin redirects
Moderate
GHSA-4qqq-9vqf-3h3f
was published
for
Scrapy
(pip)
May 14, 2024
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Moderate
CVE-2024-34358
was published
for
typo3/cms-core
(Composer)
May 14, 2024
Directus allows redacted data extraction on the API through "alias"
Moderate
CVE-2024-34708
was published
for
directus
(npm)
May 13, 2024
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2024-34080
was published
for
mantisbt/mantisbt
(Composer)
May 13, 2024
Kimai information disclosure vulnerability
Low
CVE-2024-4596
was published
for
kimai/kimai
(Composer)
May 7, 2024
Zitadel exposing internal database user name and host information
Moderate
CVE-2024-32967
was published
for
github.com/zitadel/zitadel
(Go)
May 1, 2024
Navidrome Parameter Tampering vulnerability
Moderate
CVE-2024-32963
was published
for
github.com/navidrome/navidrome
(Go)
May 1, 2024
Mattermost's detailed error messages reveal the full file path
Moderate
CVE-2024-32046
was published
for
github.com/mattermost/mattermost-server
(Go)
Apr 26, 2024
Cluster Monitoring Operator contains a credentials leak
High
CVE-2024-1139
was published
for
github.com/openshift/cluster-monitoring-operator
(Go)
Apr 25, 2024
Information disclosure in podman
Moderate
CVE-2020-14370
was published
for
github.com/containers/podman/v2
(Go)
Apr 24, 2024
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Moderate
CVE-2024-31869
was published
for
apache-airflow
(pip)
Apr 18, 2024
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect
High
GHSA-4q82-j5c2-g2c5
was published
for
scrapy
(pip)
Apr 16, 2024
•
withdrawn
phin may include sensitive headers in subsequent requests after redirect
Moderate
GHSA-x565-32qp-m3vf
was published
for
phin
(npm)
Apr 11, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Low
GHSA-j5vm-7qcc-2wwg
was published
for
github.com/kopia/kopia
(Go)
Apr 10, 2024
ProTip!
Advisories are also available from the
GraphQL API