Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,086 advisories

Loading
Insufficiently Protected Credentials in Elasticsearch Moderate
CVE-2021-22132 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Sensitive data exposure in NATS High
CVE-2020-26149 was published for nats (npm) Oct 8, 2020
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
Private key leak in Apache CXF High
CVE-2019-12423 was published for org.apache.cxf:apache-cxf (Maven) May 22, 2020
Information disclosure through error object in auth0.js High
CVE-2020-5263 was published for auth0-js (npm) Apr 10, 2020
Insufficient Nonce Validation in Eclipse Milo Client High
CVE-2019-19135 was published for org.eclipse.milo:sdk-client (Maven) Mar 16, 2020
Insufficiently Protected Credentials in Apache Tomcat High
CVE-2019-12418 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Dec 26, 2019
Insufficiently Protected Credentials in Pivotal Reactor Netty High
CVE-2019-11284 was published for io.projectreactor.netty:reactor-netty (Maven) Oct 23, 2019
Insufficiently Protected Credentials and Improper Authentication in Spring Security High
CVE-2019-11272 was published for org.springframework.security:spring-security-cas (Maven) Jun 27, 2019
Insufficiently Protected Credentials in Requests High
CVE-2018-18074 was published for requests (pip) Oct 29, 2018
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database