Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

8,908 advisories

Loading
Insecure template handling in Squirrelly High
CVE-2021-32819 was published for squirrelly (npm) May 17, 2021
nebrelbug
User enumeration in authentication mechanisms Low
GHSA-g2qj-pmxm-9f8f was published for symfony/security-http (Composer) May 17, 2021
User enumeration in authentication mechanisms Low
GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) May 17, 2021
mbrodala chalasr
Information Disclosure in Apache Tomcat Moderate
CVE-2021-24122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2021
sunSUNQ
Prevent user enumeration using Guard or the new Authenticator-based Security Moderate
CVE-2021-21424 was published for lexik/jwt-authentication-bundle (Composer) May 13, 2021
jamesisaac mbrodala
chalasr
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
Plaintext password leak in Apache Superset High
CVE-2020-13952 was published for apache-superset (pip) Apr 30, 2021
.NET Core Information Disclosure High
CVE-2018-8292 was published for System.Net.Http (NuGet) Apr 21, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2020-1746 was published for ansible (pip) Apr 20, 2021
Potential sensitive data exposure in applications using Vaadin 15 Low
CVE-2020-36319 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
knoobie
Potential sensitive data exposure in applications using Vaadin 15 Low
GHSA-76f4-fw33-6j2v was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
knoobie
User (Encrypted) Password Field Being Serialised Low
GHSA-7fjp-g4m7-fx23 was published for pwweb/laravel-core (Composer) Apr 13, 2021
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible Moderate
CVE-2020-1740 was published for ansible (pip) Apr 7, 2021
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible Moderate
CVE-2020-1753 was published for ansible (pip) Apr 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Ansible Low
CVE-2020-1739 was published for ansible (pip) Apr 7, 2021
Directory exposure in jetty Low
CVE-2021-28163 was published for org.eclipse.jetty:jetty-deploy (Maven) Apr 6, 2021
svarovski
Authorization Before Parsing and Canonicalization in jetty Moderate
CVE-2021-28164 was published for org.eclipse.jetty:jetty-webapp (Maven) Apr 6, 2021
charlesk40
ApiKey secret could be revelated on network issue High
CVE-2021-21421 was published for node-etsy-client (npm) Apr 6, 2021
boly38
Moodle allowed some users without permission to view other users' full names Moderate
CVE-2021-20281 was published for moodle/moodle (Composer) Mar 29, 2021
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
joshbressers
OMERO.web exposes some unnecessary session information in the page High
CVE-2021-21376 was published for omero-web (pip) Mar 23, 2021
Django Channels leakage of session identifiers using legacy AsgiHandler High
CVE-2020-35681 was published for channels (pip) Mar 19, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database