GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
6,044 advisories
Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability...
Moderate | Unreviewed | CVE-2024-44685 was published Sep 13, 2024

A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to...
Moderate | Unreviewed | CVE-2024-20503 was published Sep 4, 2024

An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to...
Moderate | Unreviewed | CVE-2024-41629 was published Sep 12, 2024

The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions...
Moderate | Unreviewed | CVE-2024-6544 was published Sep 13, 2024

Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability...
Moderate | Unreviewed | CVE-2024-37930 was published Aug 13, 2024

Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate | CVE-2023-42781 was published for apache-airflow (pip) Nov 12, 2023

Apache Airflow information exposure vulnerability
Moderate | CVE-2023-40712 was published for apache-airflow (pip) Sep 12, 2023

Apache Airflow vulnerable to Exposure of Sensitive Information
Moderate | CVE-2023-46288 was published for apache-airflow (pip) Oct 23, 2023

This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1,...
Moderate | Unreviewed | CVE-2023-42846 was published Oct 25, 2023

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform...
Moderate | Unreviewed | CVE-2024-8097 was published Sep 11, 2024

Apache Airflow vulnerable to exposure of sensitive information
Moderate | CVE-2023-35005 was published for apache-airflow (pip) Jun 19, 2023

Apache Airflow information disclosure vulnerability
Moderate | CVE-2022-46651 was published for apache-airflow (pip) Jul 12, 2023

Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate | CVE-2020-1746 was published for ansible (pip) Apr 20, 2021

Ansible discloses credential information
Moderate | CVE-2014-4660 was published for ansible (pip) May 17, 2022

Ansible sensitive information disclosure
Moderate | CVE-2018-16876 was published for ansible (pip) May 13, 2022

Sensitive information disclosure due to spell-jacking. The following products are affected:...
Moderate | Unreviewed | CVE-2023-44156 was published Sep 27, 2023

This issue was addressed by restricting options offered on a locked device. This issue is fixed...
Moderate | Unreviewed | CVE-2023-41988 was published Oct 25, 2023

Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
Moderate | CVE-2024-23321 was published for org.apache.rocketmq:rocketmq-all (Maven) Jul 22, 2024

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4...
Moderate | Unreviewed | CVE-2024-31490 was published Sep 10, 2024

Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Moderate | CVE-2020-1753 was published for ansible (pip) Apr 7, 2021

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to obtain sensitive...
Moderate | Unreviewed | CVE-2018-1546 was published May 13, 2022

The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-8538 was published Sep 7, 2024

Exposure of debug and metrics endpoints in Pomerium
Moderate | CVE-2022-24797 was published for github.com/pomerium/pomerium (Go) Sep 6, 2024

gnark's Groth16 commitment extension unsound for more than one commitment
Moderate | CVE-2024-45039 was published for github.com/consensys/gnark (Go) Sep 6, 2024

The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all...
Moderate | Unreviewed | CVE-2024-7415 was published Sep 6, 2024