GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Tina search token leak via lock file in TinaCMS
High
CVE-2024-45391
was published
for
@tinacms/cli
(npm)
Sep 3, 2024
Sentry vulnerable to leaking superuser cleartext password in logs
High
CVE-2024-32474
was published
for
sentry
(pip)
Apr 18, 2024
Solr search discloses password hashes of all users
High
CVE-2023-50719
was published
for
org.xwiki.platform:xwiki-platform-search-solr-api
(Maven)
Dec 16, 2023
lakeFS logs S3 credentials in plain text
High
GHSA-4rgc-5g6r-2rjf
was published
for
github.com/treeverse/lakefs
(Go)
Dec 12, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability
High
CVE-2023-34236
was published
for
github.com/weaveworks/tf-controller
(Go)
Jul 14, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
High
CVE-2023-0690
was published
for
github.com/hashicorp/boundary
(Go)
Jul 6, 2023
Data written to GitHub Actions Cache may expose secrets
High
CVE-2023-30853
was published
for
gradle/gradle-build-action
(GitHub Actions)
May 1, 2023
Strapi leaking sensitive user information by filtering on private fields
High
CVE-2023-22894
was published
for
@strapi/strapi
(npm)
Apr 19, 2023
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie
High
CVE-2015-8314
was published
for
devise
(RubyGems)
Jan 26, 2023
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
High
CVE-2022-43757
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Password exposure in H2 Database
High
CVE-2022-45868
was published
for
com.h2database:h2
(Maven)
Nov 23, 2022
Jenkins Delphix Plugin vulnerable to Cleartext credential storage
High
CVE-2019-10453
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
May 24, 2022
Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin
High
CVE-2019-10448
was published
for
jenkins.xtc:extensivetesting
(Maven)
May 24, 2022
Jenkins iceScrum Plugin stores credentials in Cleartext
High
CVE-2019-10443
was published
for
org.jenkins-ci.plugins:icescrum
(Maven)
May 24, 2022
Jenkins NeoLoad Plugin stores credentials in cleartext
High
CVE-2019-10440
was published
for
org.jenkins-ci.plugins:neoload-jenkins-plugin
(Maven)
May 24, 2022
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0
High
CVE-2018-8947
was published
for
rap2hpoutre/laravel-log-viewer
(Composer)
May 13, 2022
django-celery-results Stores Sensitive Information In Cleartext
High
CVE-2020-17495
was published
for
django-celery-results
(pip)
Jun 4, 2021
Cleartext storage of session identifier
High
CVE-2020-26228
was published
for
typo3/cms
(Composer)
Nov 23, 2020
django-nopassword stores secrets in cleartext
High
CVE-2019-10682
was published
for
django-nopassword
(pip)
Jun 5, 2020
Sensitive data written to disk unencrypted in Spark
High
CVE-2019-10099
was published
for
org.apache.spark:spark-core_2.11
(Maven)
Aug 8, 2019
ProTip!
Advisories are also available from the
GraphQL API