GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Apache StreamPark: Information leakage vulnerability
Moderate
CVE-2024-29120
was published
for
org.apache.streampark:streampark
(Maven)
Jul 17, 2024
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in irrd
High
CVE-2022-24798
was published
for
irrd
(pip)
Apr 1, 2022
Information disclosure in podman
Moderate
CVE-2020-14370
was published
for
github.com/containers/podman/v2
(Go)
Apr 24, 2024
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Moderate
CVE-2024-32028
was published
for
OpenTelemetry.Instrumentation.AspNetCore
(NuGet)
Apr 12, 2024
Exposure of information in Action Pack
High
CVE-2022-23633
was published
for
actionpack
(RubyGems)
Feb 11, 2022
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
Exposure of Sensitive Information in eventsource
Critical
CVE-2022-1650
was published
for
eventsource
(npm)
May 13, 2022
Buildah processes using chroot isolation may leak environment values to intermediate processes
Moderate
CVE-2021-3602
was published
for
github.com/containers/buildah
(Go)
Jul 19, 2021
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High
CVE-2022-31162
was published
for
slack-morphism
(Rust)
Jul 20, 2022
CURLOPT_HTTPAUTH option not cleared on change of origin
High
CVE-2022-31090
was published
for
guzzlehttp/guzzle
(Composer)
Jun 21, 2022
Protected fields exposed via LiveQuery
High
CVE-2022-31112
was published
for
parse-server
(npm)
Jul 6, 2022
Fix failure to strip Authorization header on HTTP downgrade
High
CVE-2022-31043
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Failure to strip the Cookie header on change in host or HTTP downgrade
High
CVE-2022-31042
was published
for
guzzlehttp/guzzle
(Composer)
Jun 9, 2022
Cockpit Content Platform vulnerable to 2FA bypass
High
CVE-2022-2818
was published
for
cockpit-hq/cockpit
(Composer)
Aug 16, 2022
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Moderate
CVE-2022-0536
was published
for
follow-redirects
(npm)
Feb 10, 2022
usememos/memos may leak user information to an authenticated user
Moderate
CVE-2022-4734
was published
for
github.com/usememos/memos
(Go)
Dec 27, 2022
Wasmtime may have data leakage between instances in the pooling allocator
High
CVE-2022-39393
was published
for
wasmtime
(Rust)
Nov 10, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
High
CVE-2020-1940
was published
for
org.apache.jackrabbit:oak-core
(Maven)
Dec 10, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
Moderate
CVE-2021-38554
was published
for
github.com/hashicorp/vault
(Go)
Aug 30, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
High
CVE-2022-30617
was published
for
@strapi/strapi
(npm)
May 20, 2022
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
High
CVE-2022-30618
was published
for
@strapi/strapi
(npm)
May 20, 2022
ProTip!
Advisories are also available from the
GraphQL API