GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,067 advisories
Filter by severity
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can...
Moderate
Unreviewed
CVE-2021-43327
was published
Dec 3, 2021
Azure Active Directory Information Disclosure Vulnerability
Moderate
Unreviewed
CVE-2021-42306
was published
Nov 25, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate
CVE-2021-41125
was published
for
Scrapy
(pip)
Oct 6, 2021
Basic-auth app bundle credential exposure in gatsby-source-wordpress
High
CVE-2021-32770
was published
for
gatsby-source-wordpress
(npm)
Jul 19, 2021
Improper permission handling in Apache Solr
High
CVE-2021-29262
was published
for
org.apache.solr:solr-core
(Maven)
May 10, 2021
Client TLS credentials sent raw to server in npm package nats
Critical
GHSA-prmc-5v5w-c465
was published
for
nats
(npm)
Apr 6, 2021
Insufficiently Protected Credentials in Elasticsearch
Moderate
CVE-2021-22132
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
django-nopassword stores secrets in cleartext
High
CVE-2019-10682
was published
for
django-nopassword
(pip)
Jun 5, 2020
Private key leak in Apache CXF
High
CVE-2019-12423
was published
for
org.apache.cxf:apache-cxf
(Maven)
May 22, 2020
Information disclosure through error object in auth0.js
High
CVE-2020-5263
was published
for
auth0-js
(npm)
Apr 10, 2020
Insufficient Nonce Validation in Eclipse Milo Client
High
CVE-2019-19135
was published
for
org.eclipse.milo:sdk-client
(Maven)
Mar 16, 2020
Insufficiently Protected Credentials in Apache Tomcat
High
CVE-2019-12418
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Dec 26, 2019
Insufficiently Protected Credentials in Pivotal Reactor Netty
High
CVE-2019-11284
was published
for
io.projectreactor.netty:reactor-netty
(Maven)
Oct 23, 2019
Insufficiently Protected Credentials and Improper Authentication in Spring Security
High
CVE-2019-11272
was published
for
org.springframework.security:spring-security-cas
(Maven)
Jun 27, 2019
Insufficiently Protected Credentials in Requests
High
CVE-2018-18074
was published
for
requests
(pip)
Oct 29, 2018
Django allows unprivileged users to read the password hashes of arbitrary accounts
Moderate
CVE-2018-16984
was published
for
django
(pip)
Oct 3, 2018
ProTip!
Advisories are also available from the
GraphQL API