GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
Password hash exposed in CraftCMS two factor authentication plugin
Low
CVE-2024-5657
was published
for
born05/craft-twofactorauthentication
(Composer)
Jun 6, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Kimai information disclosure vulnerability
Low
CVE-2024-4596
was published
for
kimai/kimai
(Composer)
May 7, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Low
GHSA-j5vm-7qcc-2wwg
was published
for
github.com/kopia/kopia
(Go)
Apr 10, 2024
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Low
CVE-2024-30260
was published
for
undici
(npm)
Apr 4, 2024
Unauthenticated views may expose information to anonymous users
Low
CVE-2024-29199
was published
for
nautobot
(pip)
Mar 26, 2024
In Quarkus, git credentials could be inadvertently published
Low
CVE-2024-1979
was published
for
io.quarkus:quarkus-kubernetes-deployment
(Maven)
Mar 13, 2024
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Low
GHSA-68c2-4mpx-qh95
was published
for
@sentry/react-native
(npm)
Mar 1, 2024
Mattermost race condition
Low
CVE-2024-1949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Mattermost incorrectly allows access individual posts
Low
CVE-2024-1952
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Apache Camel data exposure vulnerability
Low
CVE-2024-22371
was published
for
org.apache.camel:camel-core
(Maven)
Feb 26, 2024
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Low
CVE-2024-24758
was published
for
undici
(npm)
Feb 16, 2024
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Low
CVE-2023-50298
was published
for
org.apache.solr:solr-solrj
(Maven)
Feb 9, 2024
Unauthenticated db-file-storage views
Low
CVE-2023-50263
was published
for
nautobot
(pip)
Dec 13, 2023
Brute force exploit can be used to collect valid usernames
Low
CVE-2023-49278
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Low
CVE-2023-49274
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Low
CVE-2023-43123
was published
for
org.apache.storm:storm-core
(Maven)
Nov 23, 2023
Exposure of Sensitive Information in Elastic APM .NET Agent
Low
CVE-2021-22143
was published
for
Elastic.Apm
(NuGet)
Nov 22, 2023
Information Disclosure in typo3/cms-install tool
Low
CVE-2023-47126
was published
for
typo3/cms-install
(Composer)
Nov 14, 2023
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Low
CVE-2023-5551
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Wagtail vulnerable to disclosure of user names via admin bulk action views
Low
CVE-2023-45809
was published
for
wagtail
(pip)
Oct 19, 2023
vantage6 does not properly delete linked resources when deleting a collaboration
Low
CVE-2023-41881
was published
for
vantage6
(pip)
Oct 16, 2023
Undici's cookie header not cleared on cross-origin redirect in fetch
Low
CVE-2023-45143
was published
for
undici
(npm)
Oct 16, 2023
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Low
CVE-2023-38700
was published
for
matrix-appservice-irc
(npm)
Aug 4, 2023
ProTip!
Advisories are also available from the
GraphQL API