GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,250
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
72 advisories
Filter by severity
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Low
CVE-2023-34110
was published
for
Flask-AppBuilder
(pip)
Jun 22, 2023
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-43376
was published
for
Umbraco.Cms.Api.Management
(NuGet)
Aug 20, 2024
Potential sensitive information disclosed in error reports
Low
CVE-2021-21416
was published
for
django-registration
(pip)
Apr 6, 2021
Sensitive Information in Error Messages in Apache Airflow
Moderate
CVE-2023-25695
was published
for
apache-airflow
(pip)
Mar 15, 2023
Ansible discloses sensitive information in traceback error message
Moderate
CVE-2021-3620
was published
for
ansible
(pip)
Mar 4, 2022
CKAN may leak Solr credentials via error message in package_search action
Moderate
CVE-2024-41674
was published
for
ckan
(pip)
Aug 21, 2024
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate
CVE-2022-24731
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Duplicate Advisory: Juju leaks of the sensitive context ID
High
GHSA-8c64-q78q-87r6
was published
for
github.com/juju/juju
(Go)
Jul 29, 2024
•
withdrawn
Shopware database password is leaked to an unauthenticated users
High
CVE-2020-13997
was published
for
shopware/core
(Composer)
May 24, 2022
Generation of Error Message Containing Sensitive Information in zsa
Moderate
CVE-2024-37162
was published
for
zsa
(npm)
Jun 6, 2024
Argo-cd authenticated users can enumerate clusters by name
Moderate
CVE-2024-36106
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 6, 2024
github.com/huandu/facebook may expose access_token in error message.
Low
CVE-2024-35232
was published
for
github.com/huandu/facebook/v2
(Go)
May 24, 2024
silverstripe/framework may disclose database credentials during connection failure
Moderate
GHSA-m2hh-2m46-x6j5
was published
for
silverstripe/framework
(Composer)
May 28, 2024
Google Sheets data source plugin for Grafana information disclosure vulnerability
Moderate
CVE-2023-4457
was published
for
github.com/grafana/google-sheets-datasource
(Go)
Oct 16, 2023
Passbolt Api Retrieval of HTTP-only cookies
Low
GHSA-f5pp-pmq8-gp46
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
Path Disclosure within joomla/filesystem class
Moderate
CVE-2022-23794
was published
for
joomla/filesystem
(Composer)
Mar 31, 2022
OpenStack Nova Server Resource Faults Leak External Exception Details
Moderate
CVE-2019-14433
was published
for
nova
(pip)
May 24, 2022
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Generation of Error Message Containing Sensitive Information in Keycloak
Low
CVE-2020-1717
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
FrameworkUserBundle Generates Error Message Containing Sensitive Information
High
CVE-2015-10012
was published
for
sumocoders/framework-user-bundle
(Composer)
Jan 3, 2023
Exceptions displayed in non-debug configurations in Symfony
Moderate
CVE-2020-5274
was published
for
symfony/error-handler
(Composer)
Mar 30, 2020
@backstage/backend-app-api leaks GitLab access tokens
High
CVE-2023-6944
was published
for
@backstage/backend-app-api
(npm)
Jan 4, 2024
Exposure of sensitive information in ClickHouse
High
CVE-2024-23689
was published
for
com.clickhouse:clickhouse-client
(Maven)
Jan 19, 2024
ProTip!
Advisories are also available from the
GraphQL API