GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
158 advisories
Filter by severity
rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
High
CVE-2022-3174
was published
for
rdiffweb
(pip)
Sep 14, 2022
Gradio uses insecure communication between the FRP client and server
High
CVE-2024-47871
was published
for
gradio
(pip)
Oct 10, 2024
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High
CVE-2020-12691
was published
for
keystone
(pip)
May 24, 2022
Ansible Leaks Data Passed to ssh-keygen
High
CVE-2018-16837
was published
for
ansible
(pip)
May 13, 2022
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
Craft CMS Vulnerable to Server-Side Template Injection
High
CVE-2018-20465
was published
for
craftcms/cms
(Composer)
May 13, 2022
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
High
CVE-2018-25060
was published
for
github.com/go-macaron/csrf
(Go)
Dec 30, 2022
Jenkins HockeyApp Plugin stores credentials in plain text
High
CVE-2019-1003053
was published
for
org.jenkins-ci.plugins:hockeyapp
(Maven)
May 13, 2022
twitch-tui's connection is not encrypted
High
CVE-2023-38688
was published
for
twitch-tui
(Rust)
Jul 31, 2023
apk-parser2 downloads Resources over HTTP
High
CVE-2016-10632
was published
for
apk-parser2
(npm)
Sep 18, 2018
ibm_db downloads Resources over HTTP
High
CVE-2016-10577
was published
for
ibm_db
(npm)
Feb 18, 2019
arrayfire-js downloads Resources over HTTP
High
CVE-2016-10598
was published
for
arrayfire-js
(npm)
Feb 18, 2019
mystem downloads Resources over HTTP
High
CVE-2016-10664
was published
for
mystem
(npm)
Feb 18, 2019
scalajs-standalone-bin Downloads Resources over HTTP
High
CVE-2016-10634
was published
for
scalajs-standalone-bin
(npm)
Feb 18, 2019
closurecompiler downloads Resources over HTTP
High
CVE-2016-10582
was published
for
closurecompiler
(npm)
Feb 18, 2019
grunt-images downloads Resources over HTTP
High
CVE-2016-10645
was published
for
grunt-images
(npm)
Aug 15, 2018
frames-compiler downloads Resources over HTTP
High
CVE-2016-10649
was published
for
frames-compiler
(npm)
Sep 1, 2020
windows-build-tools downloads Resources over HTTP
High
CVE-2017-16003
was published
for
windows-build-tools
(npm)
Nov 9, 2018
herbivore downloads Resources over HTTP
High
CVE-2016-10665
was published
for
herbivore
(npm)
Feb 18, 2019
headless-browser-lite downloads Resources over HTTP
High
CVE-2016-10625
was published
for
headless-browser-lite
(npm)
Feb 18, 2019
fuseki downloads Resources over HTTP
High
CVE-2016-10576
was published
for
fuseki
(npm)
Feb 18, 2019
slimerjs-edge downloads Resources over HTTP
High
CVE-2016-10644
was published
for
slimerjs-edge
(npm)
Aug 15, 2018
jdf-sass downloads Resources over HTTP
High
CVE-2016-10595
was published
for
jdf-sass
(npm)
Feb 18, 2019
ProTip!
Advisories are also available from the
GraphQL API