GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Moderate
CVE-2024-47529
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
OAuth2 client ID and secret exposed through the web browser
High
CVE-2024-9014
was published
for
pgadmin4
(pip)
Sep 23, 2024
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
CVE-2024-24595
was published
for
clearml
(pip)
Feb 6, 2024
OpenStack Barbican credential leak flaw
Moderate
CVE-2023-1633
was published
for
barbican
(pip)
Sep 24, 2023
Plaintext storage of tokens in pulp_ansible
Moderate
CVE-2022-3644
was published
for
pulp-ansible
(pip)
Oct 25, 2022
python-oslo-utils has improper password parsing
Moderate
CVE-2022-0718
was published
for
oslo-utils
(pip)
Aug 29, 2022
rpc.py vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-35411
was published
for
rpc.py
(pip)
Jul 9, 2022
Ansible Exposes Sensitive Information
High
CVE-2021-20228
was published
for
ansible
(pip)
May 25, 2022
Apache Superset allowed for database connections password leak for authenticated users
High
CVE-2021-41972
was published
for
apache-superset
(pip)
May 24, 2022
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod
Moderate
CVE-2021-25284
was published
for
salt
(pip)
May 24, 2022
Openstack cinder Improper handling of ScaleIO backend credentials
High
CVE-2020-10755
was published
for
cinder
(pip)
May 24, 2022
OpenStack Keystone Credential Leakage
High
CVE-2019-19687
was published
for
keystone
(pip)
May 24, 2022
Ansible password prompts could expose passwords
High
CVE-2019-10206
was published
for
ansible
(pip)
May 24, 2022
Ansible sets unsafe permissions for sources.list
Moderate
CVE-2014-4659
was published
for
ansible
(pip)
May 17, 2022
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
Low
CVE-2014-0105
was published
for
python-keystoneclient
(pip)
May 17, 2022
SiCKRAGE Discloses Plaintext Credentials
Critical
CVE-2018-9160
was published
for
sickrage
(pip)
May 13, 2022
Cloudtoken Insufficiently Protects Credentials
Low
CVE-2018-13390
was published
for
cloudtoken
(pip)
May 13, 2022
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
High
CVE-2015-7546
was published
for
keystone
(pip)
May 13, 2022
Insufficiently Protected Credentials in Apache Superset
High
CVE-2021-44451
was published
for
apache-superset
(pip)
Feb 2, 2022
Scrapy HTTP authentication credentials potentially leaked to target websites
Moderate
CVE-2021-41125
was published
for
Scrapy
(pip)
Oct 6, 2021
django-nopassword stores secrets in cleartext
High
CVE-2019-10682
was published
for
django-nopassword
(pip)
Jun 5, 2020
Insufficiently Protected Credentials in Requests
High
CVE-2018-18074
was published
for
requests
(pip)
Oct 29, 2018
Django allows unprivileged users to read the password hashes of arbitrary accounts
Moderate
CVE-2018-16984
was published
for
django
(pip)
Oct 3, 2018
ProTip!
Advisories are also available from the
GraphQL API