Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,643
Maven
5,000+
npm
4,269
NuGet
760
pip
4,062
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

9,975 advisories

Loading
Fat Free CRM vulnerable to Exposure of Sensitive Information Moderate
CVE-2013-7249 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request Moderate
CVE-2013-7224 was published for fat_free_crm (RubyGems) May 17, 2022
backup-agoddard and backup_checksum have Information Exposure vulnerability High
CVE-2014-4993 was published for backup-agoddard (RubyGems) May 14, 2022
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
jonaz bgilbert
Credited to jonaz and bgilbert
Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2019-0746 was published for Microsoft.ChakraCore (NuGet) Apr 9, 2019
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
User enumeration in authentication mechanisms Low
GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) May 17, 2021
mbrodala chalasr
Credited to mbrodala and chalasr
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Credited to matt-fevold and wass3r
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
User enumeration in authentication mechanisms Low
GHSA-g2qj-pmxm-9f8f was published for symfony/security-http (Composer) May 17, 2021
Insecure Permissions in Gogs Critical
CVE-2019-14544 was published for gogs.io/gogs (Go) May 18, 2021
Information Exposure in RunC Moderate
CVE-2016-9962 was published for github.com/opencontainers/runc (Go) Dec 20, 2021
User (Encrypted) Password Field Being Serialised Low
GHSA-7fjp-g4m7-fx23 was published for pwweb/laravel-core (Composer) Apr 13, 2021
.NET Core Information Disclosure High
CVE-2018-8292 was published for System.Net.Http (NuGet) Apr 21, 2021
Information exposure via query strings in URL Low
GHSA-cq6h-w3mc-57f4 was published for shopware/core (Composer) Dec 21, 2020
datasette-graphql leaks details of the schema of private database files Low
GHSA-74hv-qjjq-h7g5 was published for datasette-graphql (pip) Nov 24, 2020
Potential sensitive data exposure in applications using Vaadin 15 Low
GHSA-76f4-fw33-6j2v was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
knoobie
Credited to knoobie
Unauthorized File Access in atompm High
GHSA-v86x-f47q-f7f4 was published for atompm (npm) Sep 11, 2020
Exposure of Sensitive Information in Hadoop Critical
CVE-2017-15718 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL Moderate
CVE-2018-8024 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in Hadoop High
CVE-2018-1296 was published for org.apache.hadoop:hadoop-main (Maven) Feb 12, 2019
Sensitive Data Exposure in put Low
GHSA-v6gv-fg46-h89j was published for put (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database