Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

158 advisories

Loading
Gradio uses insecure communication between the FRP client and server High
CVE-2024-47871 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
NASA AIT-Core uses unencrypted channels to exchange data over the network High
CVE-2024-35061 was published for ait-core (pip) May 21, 2024
twitch-tui's connection is not encrypted High
CVE-2023-38688 was published for twitch-tui (Rust) Jul 31, 2023
Roger
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute High
CVE-2018-25060 was published for github.com/go-macaron/csrf (Go) Dec 30, 2022
Noise vulnerable to denial of service High
CVE-2021-4239 was published for github.com/flynn/noise (Go) Dec 28, 2022
phpMyFAQ has insecure HTTP cookies High
CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
rdiffweb 2.4.1 vulnerable to Sensitive Cookie in HTTPS Session Without 'Secure' Attribute High
CVE-2022-3174 was published for rdiffweb (pip) Sep 14, 2022
AES OCB fails to encrypt some bytes High
CVE-2022-2097 was published for openssl-src (Rust) Jul 6, 2022
another-rex
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID High
CVE-2020-12691 was published for keystone (pip) May 24, 2022
OpenAPI Tools OpenAPI Generator uses HTTP in various files High
CVE-2019-11405 was published for org.openapitools:openapi-generator (Maven) May 24, 2022
Craft CMS Vulnerable to Server-Side Template Injection High
CVE-2018-20465 was published for craftcms/cms (Composer) May 13, 2022
Ansible Leaks Data Passed to ssh-keygen High
CVE-2018-16837 was published for ansible (pip) May 13, 2022
Missing Encryption of Sensitive Data in Apache Guacamole High
CVE-2018-1340 was published for org.apache.guacamole:guacamole-common (Maven) May 13, 2022
Jenkins HockeyApp Plugin stores credentials in plain text High
CVE-2019-1003053 was published for org.jenkins-ci.plugins:hockeyapp (Maven) May 13, 2022
Missing encryption in Apache Directory Studio High
CVE-2021-33900 was published for org.apache.directory.studio:org.apache.directory.studio.parent (Maven) Aug 9, 2021
Downloads Resources over HTTP in pm2-kafka High
CVE-2016-10693 was published for pm2-kafka (npm) Sep 1, 2020
Downloads Resources over HTTP in npm-test-sqlite3-trunk High
CVE-2016-10695 was published for npm-test-sqlite3-trunk (npm) Sep 1, 2020
Downloads Resources over HTTP in windows-latestchromedriver High
CVE-2016-10696 was published for windows-latestchromedriver (npm) Sep 1, 2020
Downloads Resources over HTTP in roslib-socketio High
CVE-2016-10681 was published for roslib-socketio (npm) Sep 1, 2020
gfe-sass downloads Resources over HTTP High
CVE-2017-16040 was published for gfe-sass (npm) Sep 1, 2020
windows-selenium-chromedriver downloads Resources over HTTP High
CVE-2016-10687 was published for windows-selenium-chromedriver (npm) Sep 1, 2020
Downloads Resources over HTTP in node-air-sdk High
CVE-2016-10647 was published for node-air-sdk (npm) Sep 1, 2020
frames-compiler downloads Resources over HTTP High
CVE-2016-10649 was published for frames-compiler (npm) Sep 1, 2020
Downloads Resources over HTTP in apk-parser3 High
CVE-2016-10574 was published for apk-parser3 (npm) Sep 1, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database