Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

13 advisories

Loading
python-oslo-utils has improper password parsing Moderate
CVE-2022-0718 was published for oslo-utils (pip) Aug 29, 2022
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
Openstack cinder Improper handling of ScaleIO backend credentials Moderate
CVE-2020-10755 was published for cinder (pip) May 24, 2022
Insufficiently Protected Credentials in Apache Superset Moderate
CVE-2021-44451 was published for apache-superset (pip) Feb 2, 2022
Apache Superset allowed for database connections password leak for authenticated users Moderate
CVE-2021-41972 was published for apache-superset (pip) May 24, 2022
Ansible sets unsafe permissions for sources.list Moderate
CVE-2014-4659 was published for ansible (pip) May 17, 2022
Ansible password prompts could expose passwords Moderate
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod Moderate
CVE-2021-25284 was published for salt (pip) May 24, 2022
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance Moderate
CVE-2024-24595 was published for clearml (pip) Feb 6, 2024
m3t3kh4n
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
OpenStack Barbican credential leak flaw Moderate
CVE-2023-1633 was published for barbican (pip) Sep 24, 2023
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware Moderate
CVE-2014-0105 was published for python-keystoneclient (pip) May 17, 2022
Plaintext storage of tokens in pulp_ansible Moderate
CVE-2022-3644 was published for pulp-ansible (pip) Oct 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database