GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Duplicate Advisory: Juju leaks of the sensitive context ID
High
GHSA-8c64-q78q-87r6
was published
for
github.com/juju/juju
(Go)
Jul 29, 2024
•
withdrawn
Grafana User enumeration via forget password
High
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Exposure of sensitive information in ClickHouse
High
CVE-2024-23689
was published
for
com.clickhouse:clickhouse-client
(Maven)
Jan 19, 2024
@backstage/backend-app-api leaks GitLab access tokens
High
CVE-2023-6944
was published
for
@backstage/backend-app-api
(npm)
Jan 4, 2024
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
High
CVE-2023-46240
was published
for
codeigniter4/framework
(Composer)
Oct 30, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase
High
CVE-2023-37260
was published
for
league/oauth2-server
(Composer)
Jul 6, 2023
SpiceDB binding metrics port to untrusted networks and can leak command-line flags
High
CVE-2023-29193
was published
for
github.com/authzed/spicedb
(Go)
Apr 13, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
High
CVE-2023-28117
was published
for
sentry-sdk
(pip)
Mar 21, 2023
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information
High
CVE-2023-25956
was published
for
apache-airflow-providers-amazon
(pip)
Feb 24, 2023
PgHero Allows Information Disclosure Through EXPLAIN Feature
High
CVE-2023-22626
was published
for
pghero
(RubyGems)
Jan 5, 2023
FrameworkUserBundle Generates Error Message Containing Sensitive Information
High
CVE-2015-10012
was published
for
sumocoders/framework-user-bundle
(Composer)
Jan 3, 2023
Incorrect implementation of lockout feature in Keycloak
High
CVE-2021-3513
was published
for
org.keycloak:keycloak-parent
(Maven)
Aug 23, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0
High
CVE-2022-31140
was published
for
cuyz/valinor
(Composer)
Jul 12, 2022
NocoDB information disclosure vulnerability
High
CVE-2022-2062
was published
for
nocodb
(npm)
Jun 14, 2022
Shopware database password is leaked to an unauthenticated users
High
CVE-2020-13997
was published
for
shopware/core
(Composer)
May 24, 2022
OpenStack Nova Server Resource Faults Leak External Exception Details
High
CVE-2019-14433
was published
for
nova
(pip)
May 24, 2022
Generation of Error Message Containing Sensitive Information in microweber
High
CVE-2022-0660
was published
for
microweber/microweber
(Composer)
Feb 19, 2022
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
High
CVE-2021-22885
was published
for
actionpack
(RubyGems)
May 5, 2021
ApiKey secret could be revelated on network issue
High
CVE-2021-21421
was published
for
node-etsy-client
(npm)
Apr 6, 2021
Authorization header is not sanitized in an error object in auth0
High
CVE-2020-15125
was published
for
auth0
(npm)
Jul 29, 2020
ProTip!
Advisories are also available from the
GraphQL API