GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
214 advisories
Filter by severity
Snowflake JDBC Security Advisory
Moderate
CVE-2024-43382
was published
for
net.snowflake:snowflake-jdbc
(Maven)
Oct 30, 2024
rdiffweb vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
High
CVE-2022-3174
was published
for
rdiffweb
(pip)
Sep 14, 2022
rdiffweb has insecure HTTP cookies
Moderate
CVE-2022-3250
was published
for
rdiffweb
(pip)
Sep 22, 2022
Gradio uses insecure communication between the FRP client and server
High
CVE-2024-47871
was published
for
gradio
(pip)
Oct 10, 2024
OpenStack Keystone does not check signature TTL of the EC2 credential auth method
Moderate
CVE-2020-12692
was published
for
keystone
(pip)
May 24, 2022
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High
CVE-2020-12691
was published
for
keystone
(pip)
May 24, 2022
Ansible Leaks Data Passed to ssh-keygen
High
CVE-2018-16837
was published
for
ansible
(pip)
May 13, 2022
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Low
CVE-2024-41124
was published
for
puncia
(pip)
Jul 19, 2024
Elasticsearch stores private key on disk unencrypted
Moderate
CVE-2024-23444
was published
for
org.elasticsearch:elasticsearch
(Maven)
Jul 31, 2024
Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate
CVE-2024-25631
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate
CVE-2024-25630
was published
for
github.com/cilium/cilium
(Go)
Feb 20, 2024
NASA AIT-Core uses unencrypted channels to exchange data over the network
High
CVE-2024-35061
was published
for
ait-core
(pip)
May 21, 2024
AES OCB fails to encrypt some bytes
High
CVE-2022-2097
was published
for
openssl-src
(Rust)
Jul 6, 2022
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Moderate
GHSA-ph62-fv59-vf9h
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Croc requires senders to provide local IP addresses in cleartext
Moderate
CVE-2023-43618
was published
for
github.com/schollz/croc/v9
(Go)
Sep 20, 2023
Craft CMS Vulnerable to Server-Side Template Injection
High
CVE-2018-20465
was published
for
craftcms/cms
(Composer)
May 13, 2022
Unencrypted traffic between nodes when using IPsec and L7 policies
Moderate
CVE-2024-28249
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Unencrypted traffic between nodes when using WireGuard and L7 policies
Moderate
CVE-2024-28250
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
High
CVE-2018-25060
was published
for
github.com/go-macaron/csrf
(Go)
Dec 30, 2022
1Panel set-cookie is missing the Secure keyword
Moderate
CVE-2024-24768
was published
for
github.com/1Panel-dev/1Panel
(Go)
Feb 5, 2024
Jenkins Fabric-beta-publisher Plugin stores credentials in plain text
Moderate
CVE-2019-1003088
was published
for
egor-n:fabric-beta-publisher
(Maven)
May 13, 2022
Jenkins Perfecto Mobile Plugin stores credentials in plain text
Moderate
CVE-2019-1003095
was published
for
org.jenkins-ci.plugins:perfectomobile
(Maven)
May 13, 2022
Jenkins Open STF Plugin stores credentials in plain text
Moderate
CVE-2019-1003094
was published
for
org.jenkins-ci.plugins:open-stf
(Maven)
May 13, 2022
Jenkins HockeyApp Plugin stores credentials in plain text
High
CVE-2019-1003053
was published
for
org.jenkins-ci.plugins:hockeyapp
(Maven)
May 13, 2022
Jenkins Upload to pgyer Plugin stores credentials in plain text
Moderate
CVE-2019-1003089
was published
for
ren.helloworld:upload-pgyer
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API