GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
983 advisories
Unauthenticated views may expose information to anonymous users
Low | CVE-2024-29199 was published for nautobot (pip) | Mar 26, 2024

Apache Camel data exposure vulnerability
Low | CVE-2024-22371 was published for org.apache.camel:camel-core (Maven) | Feb 26, 2024

Exposure of Sensitive Information to an Unauthorized Actor in Apache Hive
Low | CVE-2018-1284 was published for org.apache.hive:hive (Maven) | Nov 21, 2018

Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Low | GHSA-68c2-4mpx-qh95 was published for @sentry/react-native (npm) | Mar 1, 2024

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish...
Low | Unreviewed | CVE-2008-1567 was published | May 1, 2022

Undici's cookie header not cleared on cross-origin redirect in fetch
Low | CVE-2023-45143 was published for undici (npm) | Oct 16, 2023

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management...
Low | Unreviewed | CVE-2024-1591 was published | Feb 16, 2024

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for...
Low | Unreviewed | CVE-2005-4868 was published | May 1, 2022

Apache Tomcat information disclosure vulnerability
Low | CVE-2008-4308 was published for org.apache.tomcat:tomcat (Maven) | May 2, 2022

Information disclosure of source code in SimpleSAMLphp
Low | CVE-2020-5301 was published for simplesamlphp/simplesamlphp (Composer) | Apr 22, 2020

Moodle's login_as feature leaks information from external repositories
Low | CVE-2013-1835 was published for moodle/moodle (Composer) | May 13, 2022

An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual...
Low | Unreviewed | CVE-2020-12880 was published | May 24, 2022

OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Low | CVE-2011-4457 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) | May 17, 2022

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. ...
Low | Unreviewed | CVE-2023-50950 was published | Jan 17, 2024

A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as...
Low | Unreviewed | CVE-2024-0472 was published | Jan 13, 2024

Typo3 Backend Configuration XSS Vulnerability
Low | CVE-2012-3529 was published for typo3/cms (Composer) | May 17, 2022

SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Low | CVE-2023-49274 was published for Umbraco.CMS (NuGet) | Dec 13, 2023

Brute force exploit can be used to collect valid usernames
Low | CVE-2023-49278 was published for Umbraco.CMS (NuGet) | Dec 13, 2023

An information disclosure vulnerability exists when the Windows WaasMedic Service improperly...
Low | Unreviewed | CVE-2020-1548 was published | May 24, 2022

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service...
Low | Unreviewed | CVE-2020-1485 was published | May 24, 2022

An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access...
Low | Unreviewed | CVE-2020-1383 was published | May 24, 2022

An information disclosure vulnerability exists on ARM implementations that use speculative...
Low | Unreviewed | CVE-2020-1459 was published | May 24, 2022

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service...
Low | Unreviewed | CVE-2020-1474 was published | May 24, 2022

Magento information disclosure vulnerability
Low | CVE-2020-24406 was published for magento/community-edition (Composer) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API.