GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
193 advisories
Filter by severity
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error...
Critical
Unreviewed
CVE-2010-3845
was published
May 17, 2022
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not...
Critical
Unreviewed
CVE-2021-3688
was published
Aug 27, 2022
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to...
Critical
Unreviewed
CVE-2023-0321
was published
Jan 26, 2023
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Critical
CVE-2023-28444
was published
for
angular-server-side-configuration
(npm)
Mar 24, 2023
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Airbrake keys not being filtered
Critical
CVE-2019-16060
was published
for
airbrake-ruby
(RubyGems)
Sep 11, 2019
HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker...
Critical
Unreviewed
CVE-2023-24838
was published
Jul 6, 2023
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical
GHSA-h24c-6p6p-m3vx
was published
for
github.com/bnb-chain/tss-lib
(Go)
Sep 1, 2023
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
Critical
CVE-2018-20060
was published
for
urllib3
(pip)
Dec 12, 2018
Anchor CMS Logs Credentials
Critical
CVE-2018-7251
was published
for
anchorcms/anchor-cms
(Composer)
May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Critical
CVE-2020-11059
was published
for
aegir
(npm)
May 27, 2020
Json response for search reveals Solr credentials
Critical
GHSA-v6xp-ccvx-w52m
was published
for
ibexa/solr
(Composer)
Nov 3, 2023
Json response for search reveals Solr credentials
Critical
GHSA-7crc-r3wg-cfgf
was published
for
ezsystems/ezplatform-solr-search-engine
(Composer)
Nov 3, 2023
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
SQLpage vulnerable to public exposure of database credentials
Critical
CVE-2023-42454
was published
for
sqlpage
(Rust)
Sep 21, 2023
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Critical
CVE-2023-43791
was published
for
label-studio
(pip)
Nov 9, 2023
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary...
Critical
Unreviewed
CVE-2023-6248
was published
Nov 22, 2023
Exposure of Sensitive Information in eventsource
Critical
CVE-2022-1650
was published
for
eventsource
(npm)
May 13, 2022
Openstack Magnum Unsafe Credential Handling
Critical
CVE-2016-7404
was published
for
openstack-magnum
(pip)
May 24, 2022
Cache poisoning in drupal/core
Critical
CVE-2023-5256
was published
for
drupal/core
(Composer)
Sep 28, 2023
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended...
Critical
Unreviewed
CVE-2010-2783
was published
Apr 21, 2022
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Critical
CVE-2023-6572
was published
for
gradio
(pip)
Dec 14, 2023
As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `...
Critical
Unreviewed
CVE-2024-0765
was published
Mar 3, 2024
ProTip!
Advisories are also available from the
GraphQL API