GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
178 advisories
Filter by severity
Plone vulnerable to unauthorized disclosure of site content
Moderate
CVE-2016-4042
was published
for
Plone
(pip)
May 17, 2022
Plone is vulnerable to File System Path Exposure
Moderate
CVE-2013-4194
was published
for
plone
(pip)
May 17, 2022
python-keystoneclient unsecure user password update
Low
CVE-2013-2013
was published
for
python-keystoneclient
(pip)
May 17, 2022
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Low
CVE-2024-7038
was published
for
open-webui
(pip)
Oct 9, 2024
Plone Filesystem path information leak
Moderate
CVE-2013-7060
was published
for
Products.CMFPlone
(pip)
May 17, 2022
Plone is vulnerable to Information Exposure when generating zip archives
Moderate
CVE-2013-4191
was published
for
plone
(pip)
May 17, 2022
Exposure of Sensitive Information in Plone
Moderate
CVE-2012-5508
was published
for
Plone
(pip)
May 17, 2022
Plone User account enumeration via crafted URL
Moderate
CVE-2012-5497
was published
for
plone
(pip)
May 17, 2022
Gradio has several components with post-process steps allow arbitrary file leaks
Moderate
CVE-2024-47868
was published
for
gradio
(pip)
Oct 10, 2024
Paramiko Unsafe randomness usage may allow access to sensitive information
High
CVE-2008-0299
was published
for
paramiko
(pip)
May 1, 2022
OMERO.web exposes some unnecessary session information in the page
High
CVE-2021-21376
was published
for
omero-web
(pip)
Mar 23, 2021
OMERO-web Sensitive Data Exposure
Moderate
CVE-2020-7932
was published
for
omero-web
(pip)
May 24, 2022
OpenStack Nova Server Resource Faults Leak External Exception Details
High
CVE-2019-14433
was published
for
nova
(pip)
May 24, 2022
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
High
CVE-2010-0667
was published
for
moin
(pip)
May 2, 2022
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
High
CVE-2024-47532
was published
for
RestrictedPython
(pip)
Sep 30, 2024
Temporary File Information Disclosure vulnerability in MPXJ
Low
CVE-2022-41954
was published
for
mpxj
(Maven)
Nov 28, 2022
openstack-mistral Discloses the presence of arbitrary files within the filesystem
High
CVE-2018-16849
was published
for
mistral
(pip)
May 13, 2022
RhodeCode and Kallithea are vulnerable to sensitive information disclosure
High
CVE-2015-0260
was published
for
Kallithea
(pip)
May 13, 2022
jwcrypto lacks the Random Filling protection mechanism
Moderate
CVE-2016-6298
was published
for
jwcrypto
(pip)
May 17, 2022
Synapse does not apply enough checks to servers requesting auth events of events in a room
High
CVE-2022-39335
was published
for
matrix-synapse
(pip)
May 24, 2023
ProTip!
Advisories are also available from the
GraphQL API