GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
957 advisories
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
High. CVE-2010-0667 was published for moin (pip) on May 2, 2022.

RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High. CVE-2024-47532 was published for RestrictedPython (pip) on Sep 30, 2024.

MantisBT vulnerable to information disclosure with user profiles
Moderate. CVE-2024-45792 was published for mantisbt/mantisbt (Composer) on Sep 30, 2024.

Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low. CVE-2024-47197 was published for org.apache.maven.plugins:maven-archetype-plugin (Maven) on Sep 26, 2024.

Temporary File Information Disclosure vulnerability in MPXJ
Low. CVE-2022-41954 was published for mpxj (Maven) on Nov 28, 2022.

gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
Moderate. CVE-2024-45040 was published for github.com/consensys/gnark (Go) on Sep 6, 2024.

Strapi's field level permissions not being respected in relationship title
Moderate. CVE-2023-37263 was published for @strapi/plugin-content-manager (npm) on Sep 13, 2023.

Cros secrets may be disclosed to untrusted relay
Moderate. CVE-2023-43617 was published for github.com/schollz/croc/v9 (Go) on Sep 20, 2023.

openstack-mistral Discloses the presence of arbitrary files within the filesystem
High. CVE-2018-16849 was published for mistral (pip) on May 13, 2022.

RhodeCode and Kallithea are vulnerable to sensitive information disclosure
High. CVE-2015-0260 was published for Kallithea (pip) on May 13, 2022.

jwcrypto lacks the Random Filling protection mechanism
Moderate. CVE-2016-6298 was published for jwcrypto (pip) on May 17, 2022.

Synapse does not apply enough checks to servers requesting auth events of events in a room
High. CVE-2022-39335 was published for matrix-synapse (pip) on May 24, 2023.

openstack-heat may disclose sensitive information
Moderate. CVE-2024-7319 was published for openstack-heat (pip) on Aug 2, 2024.

Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Low. CVE-2021-39163 was published for matrix-synapse (pip) on Sep 1, 2021.

Improper authorisation of members discloses room membership to non-members
Low. CVE-2021-39164 was published for matrix-synapse (pip) on Sep 1, 2021.

Exposure of Sensitive Information to an Unauthorized Actor in httpie
Moderate. CVE-2022-24737 was published for httpie (pip) on Mar 7, 2022.

Exposure of sensitive information to an unauthorized actor in HyperKitty
High. CVE-2021-33038 was published for HyperKitty (pip) on Jun 1, 2021.

Exposure of Sensitive information in httpie
Low. CVE-2022-0430 was published for httpie (pip) on Mar 16, 2022.

Home Assistant information disclosure vulnerability
High. CVE-2018-21019 was published for homeassistant (pip) on May 24, 2022.

Home Assistant vulnerable to account takeover via auth_callback login
Moderate. CVE-2023-41893 was published for homeassistant (pip) on Oct 26, 2023.

FreeIPA logs passwords embedded in commands in calls using batch
Moderate. CVE-2019-10195 was published for freeipa (pip) on May 24, 2022.

Exposure of Sensitive Information in EVE-SRP
Moderate. CVE-2020-36660 was published for EVE-SRP (pip) on Feb 6, 2023.

ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
Moderate. CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) on Sep 19, 2024.

Mautic allows users enumeration due to weak password login
Moderate. CVE-2024-47059 was published for mautic/core (Composer) on Sep 18, 2024.

Vite's `server.fs.deny` is bypassed when using `?import&raw`
Moderate. CVE-2024-45811 was published for vite (npm) on Sep 17, 2024.