Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance Moderate
CVE-2024-24595 was published for clearml (pip) Feb 6, 2024
m3t3kh4n
OpenStack Barbican credential leak flaw Moderate
CVE-2023-1633 was published for barbican (pip) Sep 24, 2023
Plaintext storage of tokens in pulp_ansible Moderate
CVE-2022-3644 was published for pulp-ansible (pip) Oct 25, 2022
python-oslo-utils has improper password parsing Moderate
CVE-2022-0718 was published for oslo-utils (pip) Aug 29, 2022
rpc.py vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-35411 was published for rpc.py (pip) Jul 9, 2022
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
Apache Superset allowed for database connections password leak for authenticated users Moderate
CVE-2021-41972 was published for apache-superset (pip) May 24, 2022
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod Moderate
CVE-2021-25284 was published for salt (pip) May 24, 2022
Openstack cinder Improper handling of ScaleIO backend credentials Moderate
CVE-2020-10755 was published for cinder (pip) May 24, 2022
OpenStack Keystone Credential Leakage High
CVE-2019-19687 was published for keystone (pip) May 24, 2022
Ansible password prompts could expose passwords Moderate
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
Ansible sets unsafe permissions for sources.list Moderate
CVE-2014-4659 was published for ansible (pip) May 17, 2022
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware Moderate
CVE-2014-0105 was published for python-keystoneclient (pip) May 17, 2022
SiCKRAGE Discloses Plaintext Credentials Critical
CVE-2018-9160 was published for sickrage (pip) May 13, 2022
Cloudtoken Insufficiently Protects Credentials Moderate
CVE-2018-13390 was published for cloudtoken (pip) May 13, 2022
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials High
CVE-2015-7546 was published for keystone (pip) May 13, 2022
Insufficiently Protected Credentials in Apache Superset Moderate
CVE-2021-44451 was published for apache-superset (pip) Feb 2, 2022
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
ProTip! Advisories are also available from the GraphQL API