GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
84 advisories
Filter by severity
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails
High
CVE-2024-23945
was published
for
org.apache.hive:hive-service
(Maven)
Dec 23, 2024
Apache Superset: Error verbosity exposes metadata in analytics databases
Moderate
CVE-2024-53948
was published
for
apache-superset
(pip)
Dec 9, 2024
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
High
CVE-2024-54141
was published
for
thorsten/phpmyfaq
(Composer)
Dec 6, 2024
Sentry improper error handling leaks Application Integration Client Secret
Moderate
CVE-2024-53253
was published
for
sentry
(pip)
Nov 22, 2024
Moodle leaks user names
Moderate
CVE-2024-48896
was published
for
moodle/moodle
(Composer)
Nov 18, 2024
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
Moderate
CVE-2021-3986
was published
for
calibreweb
(pip)
Nov 15, 2024
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Low
CVE-2024-7038
was published
for
open-webui
(pip)
Oct 9, 2024
Jenkins exposes multi-line secrets through error messages
Moderate
CVE-2024-47803
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Drupal Full Path Disclosure
Moderate
CVE-2024-45440
was published
for
drupal/core
(Composer)
Aug 29, 2024
CKAN may leak Solr credentials via error message in package_search action
Moderate
CVE-2024-41674
was published
for
ckan
(pip)
Aug 21, 2024
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-43376
was published
for
Umbraco.Cms.Api.Management
(NuGet)
Aug 20, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Duplicate Advisory: Juju leaks of the sensitive context ID
High
GHSA-8c64-q78q-87r6
was published
for
github.com/juju/juju
(Go)
Jul 29, 2024
•
withdrawn
Exposure of secrets through system log in Jenkins Structs Plugin
Low
CVE-2024-39458
was published
for
org.jenkins-ci.plugins:structs
(Maven)
Jun 26, 2024
Generation of Error Message Containing Sensitive Information in zsa
Moderate
CVE-2024-37162
was published
for
zsa
(npm)
Jun 6, 2024
Argo-cd authenticated users can enumerate clusters by name
Moderate
CVE-2024-36106
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 6, 2024
silverstripe/framework may disclose database credentials during connection failure
Moderate
GHSA-m2hh-2m46-x6j5
was published
for
silverstripe/framework
(Composer)
May 28, 2024
github.com/huandu/facebook may expose access_token in error message.
Low
CVE-2024-35232
was published
for
github.com/huandu/facebook/v2
(Go)
May 24, 2024
Passbolt Api Retrieval of HTTP-only cookies
Low
GHSA-f5pp-pmq8-gp46
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
Grafana User enumeration via forget password
High
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
Exposure of sensitive information in ClickHouse
High
CVE-2024-23689
was published
for
com.clickhouse:clickhouse-client
(Maven)
Jan 19, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
@backstage/backend-app-api leaks GitLab access tokens
High
CVE-2023-6944
was published
for
@backstage/backend-app-api
(npm)
Jan 4, 2024
jupyter-server errors include tracebacks with path information
Moderate
CVE-2023-49080
was published
for
jupyter-server
(pip)
Dec 5, 2023
ProTip!
Advisories are also available from the
GraphQL API