GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Forwarding of confidentials headers to third parties in fluture-node
Low
CVE-2022-24719
was published
for
fluture-node
(npm)
Mar 1, 2022
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Moderate
CVE-2024-46979
was published
for
org.xwiki.platform:xwiki-platform-notifications-ui
(Maven)
Sep 18, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Moderate
CVE-2024-42347
was published
for
matrix-react-sdk
(npm)
Aug 6, 2024
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Moderate
CVE-2024-29888
was published
for
saleor
(pip)
Mar 28, 2024
Exposure of sensitive information in follow-redirects
High
CVE-2022-0155
was published
for
follow-redirects
(npm)
Jan 12, 2022
XWiki Platform may show email addresses in clear in REST results
High
CVE-2023-35151
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Jun 20, 2023
Information exposure in microweber
Moderate
CVE-2023-2239
was published
for
microweber/microweber
(Composer)
Apr 22, 2023
Unauthenticated user can list hidden document from multiple velocity templates in XWiki
Moderate
CVE-2022-24820
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Apr 8, 2022
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
Low
CVE-2023-29203
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 12, 2023
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
Critical
CVE-2022-0482
was published
for
alextselegidis/easyappointments
(Composer)
Mar 10, 2022
Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
Moderate
CVE-2022-41936
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Nov 21, 2022
Exposure of password hashes in notrinos/notrinos-erp
High
CVE-2022-2921
was published
for
notrinos/notrinos-erp
(Composer)
Aug 22, 2022
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
High
CVE-2022-36091
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Incorrect Authorization in cross-fetch
Moderate
CVE-2022-1365
was published
for
cross-fetch
(npm)
Apr 17, 2022
Unauthenticated user can retrieve the list of users through uorgsuggest.vm
Moderate
CVE-2022-24819
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Apr 8, 2022
ProTip!
Advisories are also available from the
GraphQL API