GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
175 advisories
Filter by severity
Exposure of Sensitive information in httpie
Low
CVE-2022-0430
was published
for
httpie
(pip)
Mar 16, 2022
Home Assistant information disclosure vulnerability
High
CVE-2018-21019
was published
for
homeassistant
(pip)
May 24, 2022
Home Assistant vulnerable to account takeover via auth_callback login
Moderate
CVE-2023-41893
was published
for
homeassistant
(pip)
Oct 26, 2023
FreeIPA logs passwords embedded in commands in calls using batch
Moderate
CVE-2019-10195
was published
for
freeipa
(pip)
May 24, 2022
Exposure of Sensitive Information in EVE-SRP
Moderate
CVE-2020-36660
was published
for
EVE-SRP
(pip)
Feb 6, 2023
Django vulnerable to information leakage in AuthenticationForm
High
CVE-2018-6188
was published
for
Django
(pip)
Oct 3, 2018
Django Data leakage via admin history log
Moderate
CVE-2013-0305
was published
for
Django
(pip)
May 5, 2022
Django data leakage via querystring manipulation in admin
Moderate
CVE-2014-0483
was published
for
Django
(pip)
May 14, 2022
Django settings leak in date template filter
Moderate
CVE-2015-8213
was published
for
Django
(pip)
May 17, 2022
django-markupfield Arbitrary File Read
High
CVE-2015-0846
was published
for
django-markupfield
(pip)
May 17, 2022
Django-Anymail prone to a timing attack
Critical
CVE-2018-6596
was published
for
django-anymail
(pip)
Jul 12, 2018
Django Channels leakage of session identifiers using legacy AsgiHandler
High
CVE-2020-35681
was published
for
channels
(pip)
Mar 19, 2021
ceph-deploy allows local users to obtain sensitive information by reading the file
Low
CVE-2015-3010
was published
for
ceph-deploy
(pip)
May 17, 2022
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2023-42781
was published
for
apache-airflow
(pip)
Nov 12, 2023
Apache Airflow Execution with Unnecessary Privileges
High
CVE-2023-39508
was published
for
apache-airflow
(pip)
Aug 5, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
Apache Airflow information exposure vulnerability
Moderate
CVE-2023-40712
was published
for
apache-airflow
(pip)
Sep 12, 2023
Apache Airflow subject to Exposure of Sensitive Information
High
CVE-2022-27949
was published
for
apache-airflow
(pip)
Nov 14, 2022
Apache Airflow vulnerable to Exposure of Sensitive Information
Moderate
CVE-2023-46288
was published
for
apache-airflow
(pip)
Oct 23, 2023
Apache Airflow vulnerable to exposure of sensitive information
Moderate
CVE-2023-35005
was published
for
apache-airflow
(pip)
Jun 19, 2023
Apache Airflow information disclosure vulnerability
Moderate
CVE-2022-46651
was published
for
apache-airflow
(pip)
Jul 12, 2023
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Moderate
CVE-2020-1746
was published
for
ansible
(pip)
Apr 20, 2021
Ansible discloses credential information
Moderate
CVE-2014-4660
was published
for
ansible
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API