Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data Low
CVE-2024-50378 was published for apache-airflow (pip) Nov 8, 2024
Liferay Portal vulnerable to user impersonation High
CVE-2024-25148 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 8, 2024
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel Low
CVE-2023-3299 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
Potential sensitive information disclosed in error reports Low
CVE-2021-21416 was published for django-registration (pip) Apr 6, 2021
martinmo tdunlap607
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response Moderate
CVE-2024-39315 was published for github.com/pomerium/pomerium (Go) Jul 5, 2024
Enr1g
Undici vulnerable to data leak when using response.arrayBuffer() Low
CVE-2024-38372 was published for undici (npm) Jul 9, 2024
bcomnes KhafraDev
Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico Moderate
CVE-2020-13597 was published for github.com/projectcalico/calico (Go) Feb 15, 2022
richardfan0606 luhring
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure Moderate
CVE-2024-4536 was published for org.eclipse.edc:connector-core (Maven) May 7, 2024
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore Moderate
CVE-2024-32028 was published for OpenTelemetry.Instrumentation.AspNetCore (NuGet) Apr 12, 2024
IlyaGrebnov
Remote Memory Exposure in mongoose Moderate
GHSA-r5xw-q988-826m was published for mongoose (npm) Sep 1, 2020
mprpic
Cookies are sent to external images in rendered diff (and server side request forgery) Critical
CVE-2023-48240 was published for org.xwiki.platform:xwiki-platform-diff-xml (Maven) Nov 20, 2023
Vaadin vulnerable to possible information disclosure in non visible components. Moderate
CVE-2023-25499 was published for com.vaadin:flow-server (Maven) Jun 22, 2023
Remote Memory Disclosure in ws Low
CVE-2016-10518 was published for ws (npm) Feb 18, 2019
tdunlap607
Remote Memory Exposure in request Moderate
CVE-2017-16026 was published for request (npm) Nov 9, 2018
tdunlap607
keycloak-core discloses system properties Moderate
CVE-2017-2582 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
Answer vulnerable to Insertion of Sensitive Information Into Sent Data Moderate
CVE-2023-1975 was published for github.com/answerdev/answer (Go) Apr 11, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` High
CVE-2023-28117 was published for sentry-sdk (pip) Mar 21, 2023
mysql Node.JS Module Vulnerable to Remote Memory Exposure Moderate
GHSA-5f7m-mmpc-qhh4 was published for mysql (npm) May 23, 2019
Remote Memory Disclosure in bittorrent-dht Moderate
CVE-2016-10519 was published for bittorrent-dht (npm) Sep 1, 2020
Remote Memory Exposure in floody Moderate
GHSA-3p92-886g-qxpq was published for floody (npm) Jun 4, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database