GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
989 advisories
Filter by severity
python-keystoneclient unsecure user password update
Low
CVE-2013-2013
was published
for
python-keystoneclient
(pip)
May 17, 2022
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Low
CVE-2024-7038
was published
for
open-webui
(pip)
Oct 9, 2024
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Low
GHSA-wpr2-j6gr-pjw9
was published
for
github.com/opentofu/opentofu
(Go)
Oct 3, 2024
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user...
Low
Unreviewed
CVE-2024-30118
was published
Oct 9, 2024
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in...
Low
Unreviewed
CVE-2024-33506
was published
Oct 8, 2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16...
Low
Unreviewed
CVE-2023-5831
was published
Nov 6, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to...
Low
Unreviewed
CVE-2023-2620
was published
Jul 13, 2023
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Low
CVE-2024-47197
was published
for
org.apache.maven.plugins:maven-archetype-plugin
(Maven)
Sep 26, 2024
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in...
Low
Unreviewed
CVE-2023-5359
was published
Sep 25, 2024
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Low
CVE-2021-39163
was published
for
matrix-synapse
(pip)
Sep 1, 2021
Improper authorisation of members discloses room membership to non-members
Low
CVE-2021-39164
was published
for
matrix-synapse
(pip)
Sep 1, 2021
Exposure of Sensitive information in httpie
Low
CVE-2022-0430
was published
for
httpie
(pip)
Mar 16, 2022
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for...
Low
Unreviewed
CVE-2024-8612
was published
Sep 20, 2024
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a...
Low
Unreviewed
CVE-2023-5081
was published
Jan 19, 2024
ceph-deploy allows local users to obtain sensitive information by reading the file
Low
CVE-2015-3010
was published
for
ceph-deploy
(pip)
May 17, 2022
Sensitive information disclosure due to excessive collection of system information. The following...
Low
Unreviewed
CVE-2023-48680
was published
Feb 27, 2024
Sensitive information disclosure due to excessive collection of system information. The following...
Low
Unreviewed
CVE-2023-44213
was published
Oct 6, 2023
Mattermost incorrectly allows access individual posts
Low
CVE-2024-1952
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Feb 29, 2024
Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Low
CVE-2020-1739
was published
for
ansible
(pip)
Apr 7, 2021
ceph-deploy uses world-readable permissions on client.admin key
Low
CVE-2015-4053
was published
for
ceph-deploy
(pip)
May 17, 2022
Libcloud does not properly scrub data when destroying a DigitalOcean node
Low
CVE-2013-6480
was published
for
apache-libcloud
(pip)
May 14, 2022
Hwameistor Potential Permission Leakage of Cluster Level
Low
CVE-2024-45054
was published
for
github.com/hwameistor/hwameistor
(Go)
Aug 29, 2024
Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local...
Low
Unreviewed
CVE-2023-6287
was published
Nov 27, 2023
ProTip!
Advisories are also available from the
GraphQL API