Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

101 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark Moderate
CVE-2018-1334 was published for org.apache.spark:spark-core_2.10 (Maven) Mar 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10156 was published for ansible (pip) Jul 31, 2019
tdunlap607
Information disclosure in Apache Superset Moderate
CVE-2020-1932 was published for apache-superset (pip) Feb 26, 2020
Users can view database names in Apache Superset Moderate
CVE-2019-12414 was published for apache-superset (pip) Feb 26, 2020
Users able to query database metadata in Apache Superset Moderate
CVE-2019-12413 was published for apache-superset (pip) Feb 26, 2020
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup Moderate
CVE-2021-21360 was published for Products.GenericSetup (pip) Mar 9, 2021
chutchut
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible Moderate
CVE-2020-1753 was published for ansible (pip) Apr 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible Moderate
CVE-2020-1740 was published for ansible (pip) Apr 7, 2021
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2020-1746 was published for ansible (pip) Apr 20, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10217 was published for ansible (pip) Oct 12, 2021
Information disclosure vulnerability in OnionShare Moderate
CVE-2021-41867 was published for onionshare-cli (pip) Nov 19, 2021
Unsafe handling of user-specified cookies in treq Moderate
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
Exposure of Sensitive Information to an Unauthorized Actor in httpie Moderate
CVE-2022-24737 was published for httpie (pip) Mar 7, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2011-4076 was published for nova (pip) Apr 22, 2022
Mailman Sensitive Information Disclosure Moderate
CVE-2004-0412 was published for mailman (pip) Apr 29, 2022
Trac reStructuredText breach of privacy and denial of service vulnerability Moderate
CVE-2006-3695 was published for trac (pip) May 1, 2022
FTP backend for Duplicity Discloses Passwords to Process Listing Moderate
CVE-2007-5201 was published for duplicity (pip) May 1, 2022
Django Data leakage via admin history log Moderate
CVE-2013-0305 was published for Django (pip) May 5, 2022
Ansible sensitive information disclosure Moderate
CVE-2018-16876 was published for ansible (pip) May 13, 2022
OpenStack Identity Keystone Exposure of Sensitive Information Moderate
CVE-2014-3621 was published for keystone (pip) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database