GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

158 advisories

rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute High
CVE-2022-3174 was published for rdiffweb (pip) Sep 14, 2022
Gradio uses insecure communication between the FRP client and server High
CVE-2024-47871 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
Ansible Leaks Data Passed to ssh-keygen High
CVE-2018-16837 was published for ansible (pip) May 13, 2022
NASA AIT-Core uses unencrypted channels to exchange data over the network High
CVE-2024-35061 was published for ait-core (pip) May 21, 2024
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
Craft CMS Vulnerable to Server-Side Template Injection High
CVE-2018-20465 was published for craftcms/cms (Composer) May 13, 2022
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute High
CVE-2018-25060 was published for github.com/go-macaron/csrf (Go) Dec 30, 2022
Jenkins HockeyApp Plugin stores credentials in plain text High
CVE-2019-1003053 was published for org.jenkins-ci.plugins:hockeyapp (Maven) May 13, 2022
twitch-tui's connection is not encrypted High
CVE-2023-38688 was published for twitch-tui (Rust) Jul 31, 2023
Roger
apk-parser2 downloads Resources over HTTP High
CVE-2016-10632 was published for apk-parser2 (npm) Sep 18, 2018
ibm_db downloads Resources over HTTP High
CVE-2016-10577 was published for ibm_db (npm) Feb 18, 2019
arrayfire-js downloads Resources over HTTP High
CVE-2016-10598 was published for arrayfire-js (npm) Feb 18, 2019
mystem downloads Resources over HTTP High
CVE-2016-10664 was published for mystem (npm) Feb 18, 2019
scalajs-standalone-bin Downloads Resources over HTTP High
CVE-2016-10634 was published for scalajs-standalone-bin (npm) Feb 18, 2019
closurecompiler downloads Resources over HTTP High
CVE-2016-10582 was published for closurecompiler (npm) Feb 18, 2019
grunt-images downloads Resources over HTTP High
CVE-2016-10645 was published for grunt-images (npm) Aug 15, 2018
frames-compiler downloads Resources over HTTP High
CVE-2016-10649 was published for frames-compiler (npm) Sep 1, 2020
poco downloads Resources over HTTP High
CVE-2016-10659 was published for poco (npm) Feb 18, 2019
windows-build-tools downloads Resources over HTTP High
CVE-2017-16003 was published for windows-build-tools (npm) Nov 9, 2018
herbivore downloads Resources over HTTP High
CVE-2016-10665 was published for herbivore (npm) Feb 18, 2019
headless-browser-lite downloads Resources over HTTP High
CVE-2016-10625 was published for headless-browser-lite (npm) Feb 18, 2019
fuseki downloads Resources over HTTP High
CVE-2016-10576 was published for fuseki (npm) Feb 18, 2019
slimerjs-edge downloads Resources over HTTP High
CVE-2016-10644 was published for slimerjs-edge (npm) Aug 15, 2018
jdf-sass downloads Resources over HTTP High
CVE-2016-10595 was published for jdf-sass (npm) Feb 18, 2019