GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Publify Core does not strip metadata from images
Moderate
CVE-2022-2815
was published
for
publify_core
(RubyGems)
Jan 14, 2023
ezplatform-graphql GraphQL queries can expose password hashes
High
CVE-2022-41876
was published
for
ezsystems/ezplatform-graphql
(Composer)
Nov 10, 2022
Insecure password handling vulnerability in Strapi
High
CVE-2021-46440
was published
for
@strapi/strapi
(npm)
May 4, 2022
Remote code execution in Apache Tapestry
Critical
CVE-2021-27850
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Jun 16, 2021
Authentication bypass in Apache Kylin
Moderate
CVE-2020-13937
was published
for
org.apache.kylin:kylin
(Maven)
Feb 10, 2022
Sensitive Data Exposure in miniorange_saml
High
CVE-2021-36786
was published
for
miniorange/miniorange-saml
(Composer)
Sep 1, 2021
Improper use of cryptographic key in wal-g
High
CVE-2021-38599
was published
for
github.com/wal-g/wal-g
(Go)
Sep 2, 2021
Insecure Storage of Sensitive Information in Microweber
High
CVE-2022-0724
was published
for
microweber/microweber
(Composer)
Feb 24, 2022
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
High
CVE-2023-2665
was published
for
francoisjacquet/rosariosis
(Composer)
May 19, 2023
vantage6 may create unencrypted tasks in encrypted collaboration
Low
CVE-2024-22193
was published
for
vantage6
(pip)
Jan 30, 2024
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
High
CVE-2024-4540
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 10, 2024
Spoofing attack in swagger-ui
Moderate
CVE-2018-25031
was published
for
swagger-ui
(npm)
Mar 12, 2022
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Moderate
CVE-2023-50298
was published
for
org.apache.solr:solr-solrj
(Maven)
Feb 9, 2024
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low
CVE-2024-47197
was published
for
org.apache.maven.plugins:maven-archetype-plugin
(Maven)
Sep 26, 2024
rke's credentials are stored in the RKE1 Cluster state ConfigMap
Critical
CVE-2023-32191
was published
for
github.com/rancher/rke
(Go)
Jun 17, 2024
scikit-learn sensitive data leakage vulnerability
Moderate
CVE-2024-5206
was published
for
scikit-learn
(pip)
Jun 6, 2024
Apache Camel data exposure vulnerability
Low
CVE-2024-22371
was published
for
org.apache.camel:camel-core
(Maven)
Feb 26, 2024
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
Moderate
CVE-2024-23445
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jun 12, 2024
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Moderate
CVE-2024-39459
was published
for
org.jenkins-ci.plugins:plain-credentials
(Maven)
Jun 26, 2024
Logging of the firestore key within nodejs-firestore
Moderate
CVE-2023-6460
was published
for
@google-cloud/firestore
(npm)
Dec 4, 2023
Moodle admin presets export tool includes some secrets that should not be exported
Low
CVE-2024-43427
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
Apache StreamPark: Information leakage vulnerability
Moderate
CVE-2024-29120
was published
for
org.apache.streampark:streampark
(Maven)
Jul 17, 2024
Missing permission checks on Hazelcast client protocol
High
CVE-2023-45859
was published
for
com.hazelcast:hazelcast
(Maven)
Feb 27, 2024
ProTip!
Advisories are also available from the
GraphQL API