GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
157 advisories
NASA AIT-Core uses unencrypted channels to exchange data over the network
High | CVE-2024-35061 was published for ait-core (pip) | May 21, 2024

twitch-tui's connection is not encrypted
High | CVE-2023-38688 was published for twitch-tui (Rust) | Jul 31, 2023

HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
High | CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) | Jul 6, 2023

Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
High | CVE-2018-25060 was published for github.com/go-macaron/csrf (Go) | Dec 30, 2022

Noise vulnerable to denial of service
High | CVE-2021-4239 was published for github.com/flynn/noise (Go) | Dec 28, 2022

phpMyFAQ has insecure HTTP cookies
High | CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) | Dec 11, 2022

rdiffweb 2.4.1 vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
High | CVE-2022-3174 was published for rdiffweb (pip) | Sep 14, 2022

AES OCB fails to encrypt some bytes
High | CVE-2022-2097 was published for openssl-src (Rust) | Jul 6, 2022

OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High | CVE-2020-12691 was published for keystone (pip) | May 24, 2022

OpenAPI Tools OpenAPI Generator uses HTTP in various files
High | CVE-2019-11405 was published for org.openapitools:openapi-generator (Maven) | May 24, 2022

Craft CMS Vulnerable to Server-Side Template Injection
High | CVE-2018-20465 was published for craftcms/cms (Composer) | May 13, 2022

Ansible Leaks Data Passed to ssh-keygen
High | CVE-2018-16837 was published for ansible (pip) | May 13, 2022

Missing Encryption of Sensitive Data in Apache Guacamole
High | CVE-2018-1340 was published for org.apache.guacamole:guacamole-common (Maven) | May 13, 2022

Jenkins HockeyApp Plugin stores credentials in plain text
High | CVE-2019-1003053 was published for org.jenkins-ci.plugins:hockeyapp (Maven) | May 13, 2022

Missing encryption in Apache Directory Studio
High | CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) | Aug 9, 2021

Downloads Resources over HTTP in pm2-kafka
High | CVE-2016-10693 was published for pm2-kafka (npm) | Sep 1, 2020

Downloads Resources over HTTP in npm-test-sqlite3-trunk
High | CVE-2016-10695 was published for npm-test-sqlite3-trunk (npm) | Sep 1, 2020

Downloads Resources over HTTP in windows-latestchromedriver
High | CVE-2016-10696 was published for windows-latestchromedriver (npm) | Sep 1, 2020

Downloads Resources over HTTP in roslib-socketio
High | CVE-2016-10681 was published for roslib-socketio (npm) | Sep 1, 2020

gfe-sass downloads Resources over HTTP
High | CVE-2017-16040 was published for gfe-sass (npm) | Sep 1, 2020

windows-selenium-chromedriver downloads Resources over HTTP
High | CVE-2016-10687 was published for windows-selenium-chromedriver (npm) | Sep 1, 2020

Downloads Resources over HTTP in node-air-sdk
High | CVE-2016-10647 was published for node-air-sdk (npm) | Sep 1, 2020

frames-compiler downloads Resources over HTTP
High | CVE-2016-10649 was published for frames-compiler (npm) | Sep 1, 2020

Downloads Resources over HTTP in apk-parser3
High | CVE-2016-10574 was published for apk-parser3 (npm) | Sep 1, 2020

Downloads Resources over HTTP in apk-parser
High | CVE-2016-10564 was published for apk-parser (npm) | Sep 1, 2020

ProTip! Advisories are also available from the GraphQL API.