Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,303
Erlang
31
GitHub Actions
21
Go
2,072
Maven
5,000+
npm
3,744
NuGet
669
pip
3,430
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

578 advisories

Loading
Mattermost leaks details of AD/LDAP groups of a teams Moderate
CVE-2024-23493 was published for github.com/mattermost/mattermost/server/v8 (Go) Feb 29, 2024
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted Moderate
CVE-2024-31464 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 10, 2024
TunnelVision - decloaking VPNs using DHCP Moderate
GHSA-hqmp-g7ph-x543 was published for quincy (Rust) Dec 27, 2024
Welcome and About GeoServer pages communicate version and revision information Moderate
CVE-2024-35230 was published for org.geoserver.web:gs-web-app (Maven) Dec 16, 2024
jodygarnett
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace Moderate
CVE-2024-53859 was published for github.com/cli/go-gh (Go) Nov 27, 2024
BagToad williammartin
andyfeller jtmcg Ry0taK
Access to Archived Argo Workflows with Fake Token in `client` mode Moderate
CVE-2024-53862 was published for github.com/argoproj/argo-workflows/v3 (Go) Dec 2, 2024
ljyanesm agilgur5
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts Moderate
CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) Nov 27, 2024
BagToad andyfeller
williammartin jtmcg Ry0taK
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots Moderate
CVE-2013-4183 was published for cinder (pip) May 17, 2022
Rancher Helm Applications may have sensitive values leaked Moderate
CVE-2024-52282 was published for github.com/rancher/rancher (Go) Nov 20, 2024
OpenStack Glance logs user name and password in cleartext Moderate
CVE-2013-0212 was published for glance (pip) May 5, 2022
Tryton allows users to read the hashed password Moderate
CVE-2016-1241 was published for trytond (pip) May 17, 2022
Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter Moderate
CVE-2016-1242 was published for trytond (pip) May 17, 2022
Clear Text Credentials Exposed via Onboarding Task Moderate
CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023
whitej6 jeffkala
bryanculver scetron glennmatthews
OpenStack Nova Information leak in libvirt LVM-backed instances Moderate
CVE-2012-5625 was published for nova (pip) May 17, 2022
gnark's Groth16 commitment extension unsound for more than one commitment Moderate
CVE-2024-45039 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic ivokub
Weblate user account enumeration via reset password form Moderate
CVE-2017-5537 was published for weblate (pip) May 17, 2022
Comment reply notifications sent to incorrect users Moderate
CVE-2022-21683 was published for wagtail (pip) Jan 21, 2022
dest81
Authorization Header forwarded on redirect Moderate
CVE-2018-25091 was published for urllib3 (pip) Oct 15, 2023
urllib3's request body not stripped after redirect from 303 status changes request method to GET Moderate
CVE-2023-45803 was published for urllib3 (pip) Oct 17, 2023
ranjit-git illia-v
sethmlarson Hacked36
Hwameistor Potential Permission Leakage of Cluster Level Moderate
CVE-2024-45054 was published for github.com/hwameistor/hwameistor (Go) Aug 29, 2024
younaman
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages) Moderate
CVE-2024-39919 was published for @jmondi/url-to-png (npm) Jul 15, 2024
realArcherL
Exposure of Sensitive information in httpie Moderate
CVE-2022-0430 was published for httpie (pip) Mar 16, 2022
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission Moderate
CVE-2024-47805 was published for org.jenkins-ci.plugins:credentials (Maven) Oct 2, 2024
Moodle IDOR when accessing list of badge recipients Moderate
CVE-2024-48900 was published for moodle/moodle (Composer) Nov 13, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database