GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
13 advisories
Django allows unprivileged users to read the password hashes of arbitrary accounts
Moderate | CVE-2018-16984 was published for django (pip) on Oct 3, 2018

Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate | CVE-2021-41125 was published for Scrapy (pip) on Oct 6, 2021

Insufficiently Protected Credentials in Apache Superset
Moderate | CVE-2021-44451 was published for apache-superset (pip) on Feb 2, 2022

python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
Moderate | CVE-2014-0105 was published for python-keystoneclient (pip) on May 17, 2022

Ansible sets unsafe permissions for sources.list
Moderate | CVE-2014-4659 was published for ansible (pip) on May 17, 2022

Ansible password prompts could expose passwords
Moderate | CVE-2019-10206 was published for ansible (pip) on May 24, 2022

Openstack cinder Improper handling of ScaleIO backend credentials
Moderate | CVE-2020-10755 was published for cinder (pip) on May 24, 2022

SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Moderate | CVE-2021-25284 was published for salt (pip) on May 24, 2022

Apache Superset allowed for database connections password leak for authenticated users
Moderate | CVE-2021-41972 was published for apache-superset (pip) on May 24, 2022

python-oslo-utils has improper password parsing
Moderate | CVE-2022-0718 was published for oslo-utils (pip) on Aug 29, 2022

Plaintext storage of tokens in pulp_ansible
Moderate | CVE-2022-3644 was published for pulp-ansible (pip) on Oct 25, 2022

OpenStack Barbican credential leak flaw
Moderate | CVE-2023-1633 was published for barbican (pip) on Sep 24, 2023

Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate | CVE-2024-24595 was published for clearml (pip) on Feb 6, 2024