Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
EVE Doesn't Protect Config Partition with Measured Boot Moderate
CVE-2023-43634 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE's Debug Functions Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43633 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
EVE: SSH as Root Unlockable Without Triggering Measured Boot Moderate
CVE-2023-43631 was published for github.com/lf-edge/eve (Go) Feb 4, 2026
Weblate wlc has insecure API key configuration Moderate
CVE-2026-22251 was published for wlc (pip) Jan 12, 2026
nijel Credited to nijel and Zee99y Zee99y Zee99y
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for org.webjars:swagger-ui (Maven) Mar 12, 2022
AndrzejBiernacki2010 Credited to AndrzejBiernacki2010
MantisBT Insecure Storage in manage_proj_edit_page.php Moderate
CVE-2020-29603 was published for mantisbt/mantisbt (Composer) May 24, 2022
Apache StreamPark: Information leakage vulnerability Moderate
CVE-2024-29120 was published for org.apache.streampark:streampark (Maven) Jul 17, 2024
Logging of the firestore key within nodejs-firestore Moderate
CVE-2023-6460 was published for @google-cloud/firestore (npm) Dec 4, 2023
abhishekwebcode Credited to abhishekwebcode
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin Moderate
CVE-2024-39459 was published for org.jenkins-ci.plugins:plain-credentials (Maven) Jun 26, 2024
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions Moderate
CVE-2024-23445 was published for org.elasticsearch:elasticsearch (Maven) Jun 12, 2024
scikit-learn sensitive data leakage vulnerability Moderate
CVE-2024-5206 was published for scikit-learn (pip) Jun 6, 2024
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds Moderate
CVE-2023-50298 was published for org.apache.solr:solr-solrj (Maven) Feb 9, 2024
DanielRuf Credited to DanielRuf
Authentication bypass in Apache Kylin Moderate
CVE-2020-13937 was published for org.apache.kylin:kylin (Maven) Feb 10, 2022
Publify Core does not strip metadata from images Moderate
CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database