Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,406
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,641
Pub
13
RubyGems
1,026
Rust
1,209
Swift
53
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers High
CVE-2026-32634 was published for Glances (pip) Mar 16, 2026
offset Credited to offset
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist` Critical
CVE-2026-32633 was published for Glances (pip) Mar 16, 2026
offset Credited to offset
Gradio: Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret Low
CVE-2026-27167 was published for gradio (pip) Mar 1, 2026
tenbbughunters Credited to tenbbughunters
Requests vulnerable to .netrc credentials leak via malicious URLs Moderate
CVE-2024-47081 was published for requests (pip) Jun 9, 2025
sethmlarson Credited to sethmlarson, jupenur, nateprewitt, and sigmavirus24 jupenur jupenur
nateprewitt nateprewitt sigmavirus24 sigmavirus24
OpenC3 stores passwords in clear text (`GHSL-2024-129`) Moderate
CVE-2024-47529 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p- Credited to p-
OAuth2 client ID and secret exposed through the web browser High
CVE-2024-9014 was published for pgadmin4 (pip) Sep 23, 2024
m3t3kh4n Credited to m3t3kh4n
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance Moderate
CVE-2024-24595 was published for clearml (pip) Feb 6, 2024
m3t3kh4n Credited to m3t3kh4n
OpenStack Barbican credential leak flaw Moderate
CVE-2023-1633 was published for barbican (pip) Sep 24, 2023
Plaintext storage of tokens in pulp_ansible Moderate
CVE-2022-3644 was published for pulp-ansible (pip) Oct 25, 2022
python-oslo-utils has improper password parsing Moderate
CVE-2022-0718 was published for oslo-utils (pip) Aug 29, 2022
rpc.py vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-35411 was published for rpc.py (pip) Jul 9, 2022
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
Apache Superset allowed for database connections password leak for authenticated users High
CVE-2021-41972 was published for apache-superset (pip) May 24, 2022
SaltStack Salt Cleartext Storage of Sensitive Information via cmdmod Moderate
CVE-2021-25284 was published for salt (pip) May 24, 2022
Openstack cinder Improper handling of ScaleIO backend credentials High
CVE-2020-10755 was published for cinder (pip) May 24, 2022
OpenStack Keystone Credential Leakage High
CVE-2019-19687 was published for keystone (pip) May 24, 2022
Ansible password prompts could expose passwords High
CVE-2019-10206 was published for ansible (pip) May 24, 2022
tdunlap607 Credited to tdunlap607
Ansible sets unsafe permissions for sources.list Moderate
CVE-2014-4659 was published for ansible (pip) May 17, 2022
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware Low
CVE-2014-0105 was published for python-keystoneclient (pip) May 17, 2022
SiCKRAGE Discloses Plaintext Credentials Critical
CVE-2018-9160 was published for sickrage (pip) May 13, 2022
Cloudtoken Insufficiently Protects Credentials Low
CVE-2018-13390 was published for cloudtoken (pip) May 13, 2022
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials High
CVE-2015-7546 was published for keystone (pip) May 13, 2022
Insufficiently Protected Credentials in Apache Superset High
CVE-2021-44451 was published for apache-superset (pip) Feb 2, 2022
Scrapy HTTP authentication credentials potentially leaked to target websites Moderate
CVE-2021-41125 was published for Scrapy (pip) Oct 6, 2021
django-nopassword stores secrets in cleartext High
CVE-2019-10682 was published for django-nopassword (pip) Jun 5, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database