GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

105 advisories

CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager Moderate
CVE-2021-21336 was published for Products.PluggableAuthService (pip) Mar 8, 2021
chutchut
OMERO.web exposes some unnecessary session information in the page Moderate
CVE-2021-21376 was published for omero-web (pip) Mar 23, 2021
Information disclosure vulnerability in OnionShare Moderate
CVE-2021-41867 was published for onionshare-cli (pip) Nov 19, 2021
Exposure of Sensitive Information to an Unauthorized Actor in httpie Moderate
CVE-2022-24737 was published for httpie (pip) Mar 7, 2022
Exposure of Sensitive Information in Plone Moderate
CVE-2012-5508 was published for Plone (pip) May 17, 2022
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2014-3641 was published for cinder (pip) May 17, 2022
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file Moderate
CVE-2015-5163 was published for glance (pip) May 17, 2022
tdunlap607
OMERO-web Sensitive Data Exposure Moderate
CVE-2020-7932 was published for omero-web (pip) May 24, 2022
OpenStack Object Storage (Swift) Sensitive Data Exposure Moderate
CVE-2015-5223 was published for swift (pip) May 14, 2022
Weblate user account enumeration via reset password form Moderate
CVE-2017-5537 was published for weblate (pip) May 17, 2022
Plone User account enumeration via crafted URL Moderate
CVE-2012-5497 was published for plone (pip) May 17, 2022
tdunlap607
aptdaemon Information Disclosure via Improper Input Validation in Transaction class Moderate
CVE-2020-15703 was published for aptdaemon (pip) May 24, 2022
Roundup sensitive data disclosure vulnerability Moderate
CVE-2014-6276 was published for roundup (pip) May 17, 2022
OpenStack Swift Discloses Secret URLs to Timing Attack Moderate
CVE-2014-0006 was published for swift (pip) May 17, 2022
Plone Filesystem path information leak Moderate
CVE-2013-7060 was published for plone (pip) May 17, 2022
Plone is vulnerable to information exposure via the object manager implementation Moderate
CVE-2013-4196 was published for plone (pip) May 17, 2022
Plone is vulnerable to Information Exposure when generating zip archives Moderate
CVE-2013-4191 was published for plone (pip) May 17, 2022
Plone Information Disclosure Moderate
CVE-2012-5505 was published for plone (pip) May 17, 2022
Plone Information Disclosure Moderate
CVE-2012-5491 was published for plone (pip) May 17, 2022
Plone Metadata Disclosure Moderate
CVE-2012-5492 was published for plone (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Requests Moderate
CVE-2014-1830 was published for requests (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API