GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
22 advisories
Filter by severity
Grafana information disclosure
High
CVE-2020-12458
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Sensitive data written to disk unencrypted in Spark
High
CVE-2019-10099
was published
for
org.apache.spark:spark-core_2.11
(Maven)
Aug 8, 2019
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
django-nopassword stores secrets in cleartext
High
CVE-2019-10682
was published
for
django-nopassword
(pip)
Jun 5, 2020
django-celery-results Stores Sensitive Information In Cleartext
High
CVE-2020-17495
was published
for
django-celery-results
(pip)
Jun 4, 2021
Tina search token leak via lock file in TinaCMS
High
CVE-2024-45391
was published
for
@tinacms/cli
(npm)
Sep 3, 2024
Password exposure in H2 Database
High
CVE-2022-45868
was published
for
com.h2database:h2
(Maven)
Nov 23, 2022
Sentry vulnerable to leaking superuser cleartext password in logs
High
CVE-2024-32474
was published
for
sentry
(pip)
Apr 18, 2024
Cleartext storage of session identifier
High
CVE-2020-26228
was published
for
typo3/cms
(Composer)
Nov 23, 2020
Solr search discloses password hashes of all users
High
CVE-2023-50719
was published
for
org.xwiki.platform:xwiki-platform-search-solr-api
(Maven)
Dec 16, 2023
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
High
CVE-2015-8314
was published
for
devise
(RubyGems)
Jan 26, 2023
lakeFS logs S3 credentials in plain text
High
GHSA-4rgc-5g6r-2rjf
was published
for
github.com/treeverse/lakefs
(Go)
Dec 12, 2023
Strapi leaking sensitive user information by filtering on private fields
High
CVE-2023-22894
was published
for
@strapi/strapi
(npm)
Apr 19, 2023
Data written to GitHub Actions Cache may expose secrets
High
CVE-2023-30853
was published
for
gradle/gradle-build-action
(GitHub Actions)
May 1, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
High
CVE-2019-10448
was published
for
jenkins.xtc:extensivetesting
(Maven)
May 24, 2022
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0
High
CVE-2018-8947
was published
for
rap2hpoutre/laravel-log-viewer
(Composer)
May 13, 2022
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
High
CVE-2023-0690
was published
for
github.com/hashicorp/boundary
(Go)
Jul 6, 2023
Jenkins iceScrum Plugin stores credentials in Cleartext
High
CVE-2019-10443
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
May 24, 2022
Jenkins NeoLoad Plugin stores credentials in cleartext
High
CVE-2019-10440
was published
for
org.jenkins-ci.plugins:neoload-jenkins-plugin
(Maven)
May 24, 2022
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
High
CVE-2022-43757
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Jenkins Delphix Plugin vulnerable to Cleartext credential storage
High
CVE-2019-10453
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API