Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10156 was published for ansible (pip) Jul 31, 2019
tdunlap607
Information disclosure in Apache Superset Moderate
CVE-2020-1932 was published for apache-superset (pip) Feb 26, 2020
Users can view database names in Apache Superset Moderate
CVE-2019-12414 was published for apache-superset (pip) Feb 26, 2020
Users able to query database metadata in Apache Superset Moderate
CVE-2019-12413 was published for apache-superset (pip) Feb 26, 2020
CSRF tokens leaked in URL by canned query form Moderate
GHSA-q6j3-c4wc-63vw was published for datasette (pip) Aug 11, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager Moderate
CVE-2021-21336 was published for Products.PluggableAuthService (pip) Mar 8, 2021
chutchut
OMERO.web exposes some unnecessary session information in the page Moderate
CVE-2021-21376 was published for omero-web (pip) Mar 23, 2021
Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and Exposure of Sensitive Information to an Unauthorized Actor in Ansible Moderate
CVE-2020-1753 was published for ansible (pip) Apr 7, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible Moderate
CVE-2020-1740 was published for ansible (pip) Apr 7, 2021
Potential API key leak Moderate
GHSA-63rq-p8fp-524q was published for sopel-modules.weather (pip) Apr 13, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2020-1746 was published for ansible (pip) Apr 20, 2021
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
Exposure of Sensitive Information to an Unauthorized Actor in ansible Moderate
CVE-2019-10217 was published for ansible (pip) Oct 12, 2021
Information disclosure vulnerability in OnionShare Moderate
CVE-2021-41867 was published for onionshare-cli (pip) Nov 19, 2021
Unsafe handling of user-specified cookies in treq Moderate
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
glyph twm
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
Exposure of Sensitive Information to an Unauthorized Actor in httpie Moderate
CVE-2022-24737 was published for httpie (pip) Mar 7, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2011-4076 was published for nova (pip) Apr 22, 2022
Mailman Sensitive Information Disclosure Moderate
CVE-2004-0412 was published for mailman (pip) Apr 29, 2022
Trac reStructuredText breach of privacy and denial of service vulnerability Moderate
CVE-2006-3695 was published for trac (pip) May 1, 2022
FTP backend for Duplicity Discloses Passwords to Process Listing Moderate
CVE-2007-5201 was published for duplicity (pip) May 1, 2022
Paramiko Unsafe randomness usage may allow access to sensitive information Moderate
CVE-2008-0299 was published for paramiko (pip) May 1, 2022
Django Data leakage via admin history log Moderate
CVE-2013-0305 was published for Django (pip) May 5, 2022
Ansible sensitive information disclosure Moderate
CVE-2018-16876 was published for ansible (pip) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database