GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
Remote Memory Exposure in floody
Moderate
GHSA-3p92-886g-qxpq
was published
for
floody
(npm)
Jun 4, 2019
Remote Memory Disclosure in bittorrent-dht
Moderate
CVE-2016-10519
was published
for
bittorrent-dht
(npm)
Sep 1, 2020
mysql Node.JS Module Vulnerable to Remote Memory Exposure
Moderate
GHSA-5f7m-mmpc-qhh4
was published
for
mysql
(npm)
May 23, 2019
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
High
CVE-2023-28117
was published
for
sentry-sdk
(pip)
Mar 21, 2023
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Moderate
CVE-2023-1975
was published
for
github.com/answerdev/answer
(Go)
Apr 11, 2023
keycloak-core discloses system properties
Moderate
CVE-2017-2582
was published
for
org.keycloak:keycloak-core
(Maven)
Oct 18, 2018
Remote Memory Exposure in request
Moderate
CVE-2017-16026
was published
for
request
(npm)
Nov 9, 2018
Vaadin vulnerable to possible information disclosure in non visible components.
Moderate
CVE-2023-25499
was published
for
com.vaadin:flow-server
(Maven)
Jun 22, 2023
Cookies are sent to external images in rendered diff (and server side request forgery)
Critical
CVE-2023-48240
was published
for
org.xwiki.platform:xwiki-platform-diff-xml
(Maven)
Nov 20, 2023
Remote Memory Exposure in mongoose
Moderate
GHSA-r5xw-q988-826m
was published
for
mongoose
(npm)
Sep 1, 2020
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate
CVE-2024-32028
was published
for
OpenTelemetry.Instrumentation.AspNetCore
(NuGet)
Apr 12, 2024
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Moderate
CVE-2024-4536
was published
for
org.eclipse.edc:connector-core
(Maven)
May 7, 2024
Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico
Moderate
CVE-2020-13597
was published
for
github.com/projectcalico/calico
(Go)
Feb 15, 2022
Undici vulnerable to data leak when using response.arrayBuffer()
Low
CVE-2024-38372
was published
for
undici
(npm)
Jul 9, 2024
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Moderate
CVE-2024-39315
was published
for
github.com/pomerium/pomerium
(Go)
Jul 5, 2024
Potential sensitive information disclosed in error reports
Low
CVE-2021-21416
was published
for
django-registration
(pip)
Apr 6, 2021
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Low
CVE-2023-3299
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Liferay Portal vulnerable to user impersonation
High
CVE-2024-25148
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Low
CVE-2024-50378
was published
for
apache-airflow
(pip)
Nov 8, 2024
ProTip!
Advisories are also available from the
GraphQL API