GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21 advisories
Setuptools vulnerable to Man-in-the-middle attacks
High | CVE-2013-1633 was published for setuptools (pip) | May 17, 2022

NASA AIT-Core vulnerable to remote code execution
High | CVE-2024-35058 was published for ait-core (pip) | May 21, 2024

NASA AIT-Core vulnerable to remote code execution
High | CVE-2024-35057 was published for ait-core (pip) | May 21, 2024

Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
High | CVE-2024-0056 was published for Microsoft.Data.SqlClient (NuGet) | Jan 9, 2024

dectalk-tts Uses Unencrypted HTTP Request
High | CVE-2024-31206 was published for dectalk-tts (npm) | Apr 4, 2024

Cleartext Transmission of Sensitive Information in Apache nifi
High | CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) | Dec 20, 2018

Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form
High | CVE-2019-10428 was published for org.jenkins-ci.plugins:aqua-security-scanner (Maven) | May 24, 2022

Keycloak vulnerable to Plaintext Storage of User Password
High | CVE-2023-4918 was published for org.keycloak:keycloak-core (Maven) | Sep 12, 2023

Pgsync Contains Cleartext Transmission of Sensitive Information
High | CVE-2021-31671 was published for pgsync (RubyGems) | Apr 27, 2021

Gitops Run insecure communication
High | CVE-2022-23509 was published for github.com/weaveworks/weave-gitops (Go) | Jan 9, 2023

phpMyFAQ has insecure HTTP cookies
High | CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) | Dec 11, 2022

Potentially compromised builds
High | CVE-2019-10249 was published for org.eclipse.xtend:org.eclipse.xtend.core (Maven) | May 24, 2022

Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka
High | CVE-2019-12399 was published for org.apache.kafka:kafka (Maven) | May 12, 2020

Missing Encryption of Sensitive Data in yarn
High | CVE-2019-5448 was published for yarn (npm) | Jul 31, 2019

tiny-csrf has openly visible CSRF tokens
High | CVE-2022-39287 was published for tiny-csrf (npm) | Oct 7, 2022

Jenkins SourceGear Vault plugin transmits credentials in plain text
High | CVE-2019-10435 was published for org.jenkins-ci.plugins:vault-scm-plugin (Maven) | May 24, 2022

Missing encryption in Apache Directory Studio
High | CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) | Aug 9, 2021

Code injection in concrete CMS
High | CVE-2022-21829 was published for concrete5/core (Composer) | Jun 25, 2022

Cleartext Transmission of Sensitive Information in Apache MINA
High | CVE-2019-0231 was published for org.apache.mina:mina-core (Maven) | May 24, 2022

Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere, and Download of Code Without Integrity Check in Eclipse hawkBit
High | CVE-2019-10240 was published for org.eclipse.hawkbit:hawkbit-autoconfigure (Maven) | Apr 15, 2019

High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
High | CVE-2019-1010260 was published for com.github.shyiko.ktlint:ktlint-core (Maven) | Apr 8, 2019