GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
985 advisories
Filter by severity
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low
CVE-2024-47197
was published
for
org.apache.maven.plugins:maven-archetype-plugin
(Maven)
Sep 26, 2024
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Low
Unreviewed
CVE-2023-5359
was published
Sep 25, 2024
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Low
CVE-2021-39163
was published
for
matrix-synapse
(pip)
Sep 1, 2021
Improper authorisation of members discloses room membership to non-members
Low
CVE-2021-39164
was published
for
matrix-synapse
(pip)
Sep 1, 2021
Exposure of Sensitive information in httpie
Low
CVE-2022-0430
was published
for
httpie
(pip)
Mar 16, 2022
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for...
Low
Unreviewed
CVE-2024-8612
was published
Sep 20, 2024
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a...
Low
Unreviewed
CVE-2023-5081
was published
Jan 19, 2024
ceph-deploy allows local users to obtain sensitive information by reading the file
Low
CVE-2015-3010
was published
for
ceph-deploy
(pip)
May 17, 2022
Sensitive information disclosure due to excessive collection of system information. The following...
Low
Unreviewed
CVE-2023-48680
was published
Feb 27, 2024
Sensitive information disclosure due to excessive collection of system information. The following...
Low
Unreviewed
CVE-2023-44213
was published
Oct 6, 2023
Mattermost incorrectly allows access individual posts
Low
CVE-2024-1952
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Low
CVE-2020-1739
was published
for
ansible
(pip)
Apr 7, 2021
ceph-deploy uses world-readable permissions on client.admin key
Low
CVE-2015-4053
was published
for
ceph-deploy
(pip)
May 17, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node
Low
CVE-2013-6480
was published
for
apache-libcloud
(pip)
May 14, 2022
Hwameistor Potential Permission Leakage of Cluster Level
Low
CVE-2024-45054
was published
for
github.com/hwameistor/hwameistor
(Go)
Aug 29, 2024
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local...
Low
Unreviewed
CVE-2023-6287
was published
Nov 27, 2023
A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM...
Low
Unreviewed
CVE-2023-52238
was published
Jul 9, 2024
HCL Connections contains a user enumeration vulnerability. Certain actions could allow an...
Low
Unreviewed
CVE-2024-23557
was published
Apr 18, 2024
Mattermost race condition
Low
CVE-2024-1949
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Low
CVE-2024-40647
was published
for
sentry-sdk
(pip)
Jul 18, 2024
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Low
CVE-2024-39919
was published
for
@jmondi/url-to-png
(npm)
Jul 15, 2024
An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all...
Low
Unreviewed
CVE-2024-7060
was published
Jul 25, 2024
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Low
GHSA-xr7q-jx4m-x55m
was published
for
google.golang.org/grpc
(Go)
Jul 5, 2024
ProTip!
Advisories are also available from the
GraphQL API