GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
6,044 advisories
Duplicate Advisory: Helm passes repository credentials to alternate domain
Moderate • GHSA-7jr6-prv4-5wf5 was published for helm.sh/helm/v3 (Go) • Jun 23, 2021 • withdrawn

List of order ids, number, items total and token value exposed for unauthorized uses via new API
Moderate • CVE-2021-32720 was published for sylius/sylius (Composer) • Jun 29, 2021

API information disclosure flaw in Elasticsearch
Moderate • CVE-2021-22135 was published for org.elasticsearch:elasticsearch (Maven) • Jul 2, 2021

The reset password form reveal users email address
Moderate • CVE-2021-32731 was published for org.xwiki.platform:xwiki-platform-web (Maven) • Jul 2, 2021

Encoded URIs can access WEB-INF directory in Eclipse Jetty
Moderate • CVE-2021-34429 was published for org.eclipse.jetty:jetty-webapp (Maven) • Jul 19, 2021

Buildah processes using chroot isolation may leak environment values to intermediate processes
Moderate • CVE-2021-3602 was published for github.com/containers/buildah (Go) • Jul 19, 2021

Privilege escalation: all users can access Admin-level API keys
Moderate • CVE-2021-39192 was published for ghost (npm) • Jul 22, 2021

Incorrect Access Control in Nacos
Moderate • CVE-2020-19676 was published for com.alibaba.nacos:nacos-common (Maven) • Aug 2, 2021

Exposed phpinfo() leaked via documentation files
Moderate • CVE-2021-37704 was published for phpfastcache/phpfastcache (Composer) • Aug 30, 2021

Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Moderate • CVE-2021-32822 was published for hbs (npm) • Sep 2, 2021

Improper Certificate Handling
Moderate • CVE-2020-9321 was published for github.com/traefik/traefik (Go) • Sep 2, 2021

Exposure of Sensitive Information to an Unauthorized Actor
Moderate • CVE-2021-32712 was published for shopware/shopware (Composer) • Sep 8, 2021

Exposure of Sensitive Information to an Unauthorized Actor
Moderate • CVE-2021-32716 was published for shopware/platform (Composer) • Sep 8, 2021

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Moderate • CVE-2021-40823 was published for matrix-js-sdk (npm) • Sep 14, 2021

Exposure of Sensitive Information in keycloak
Moderate • CVE-2020-1744 was published for org.keycloak:keycloak-core (Maven) • Sep 20, 2021

Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate • CVE-2021-41125 was published for Scrapy (pip) • Oct 6, 2021

Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate • CVE-2019-10217 was published for ansible (pip) • Oct 12, 2021

Credential Disclosure in System.DirectoryServices.Protocols
Moderate • CVE-2021-41355 was published for System.DirectoryServices.Protocols (NuGet) • Oct 12, 2021

Exposure of Sensitive Information to an Unauthorized Actor in Moodle
Moderate • CVE-2020-25703 was published for moodle/moodle (Composer) • Oct 21, 2021

Unauthorized access to data in @sap-cloud-sdk/core
Moderate • CVE-2021-41251 was published for @sap-cloud-sdk/core (npm) • Nov 10, 2021

Rails Multisite secure/signed cookies share secrets between sites in a multi-site application
Moderate • CVE-2021-41263 was published for rails_multisite (RubyGems) • Nov 15, 2021

Information disclosure vulnerability in OnionShare
Moderate • CVE-2021-41867 was published for onionshare-cli (pip) • Nov 19, 2021

Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not...
Moderate • Unreviewed • CVE-2021-42744 was published • Nov 20, 2021

Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when...
Moderate • Unreviewed • CVE-2019-5640 was published • Nov 23, 2021

Exposure of sensitive information in concrete5/core
Moderate • CVE-2021-22967 was published for concrete5/core (Composer) • Nov 23, 2021

ProTip! Advisories are also available from the GraphQL API