Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

983 advisories

Loading
Unauthenticated views may expose information to anonymous users Low
CVE-2024-29199 was published for nautobot (pip) Mar 26, 2024
joewesch
Session Token in URL in directus Low
CVE-2024-28238 was published for directus (npm) Mar 12, 2024
Apache Camel data exposure vulnerability Low
CVE-2024-22371 was published for org.apache.camel:camel-core (Maven) Feb 26, 2024
rsrikanth11
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive Low
CVE-2018-1284 was published for org.apache.hive:hive (Maven) Nov 21, 2018
MarkLee131
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin Low
GHSA-68c2-4mpx-qh95 was published for @sentry/react-native (npm) Mar 1, 2024
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish... Low Unreviewed
CVE-2008-1567 was published May 1, 2022
Undici's cookie header not cleared on cross-origin redirect in fetch Low
CVE-2023-45143 was published for undici (npm) Oct 16, 2023
ranjit-git KhafraDev
mcollina
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management... Low Unreviewed
CVE-2024-1591 was published Feb 16, 2024
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for... Low Unreviewed
CVE-2005-4868 was published May 1, 2022
Apache Tomcat information disclosure vulnerability Low
CVE-2008-4308 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
Information disclosure of source code in SimpleSAMLphp Low
CVE-2020-5301 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2020
slawn
Moodle's login_as feature leaks information from external repositories Low
CVE-2013-1835 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual... Low Unreviewed
CVE-2020-12880 was published May 24, 2022
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled Low
CVE-2011-4457 was published for com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (Maven) May 17, 2022
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. ... Low Unreviewed
CVE-2023-50950 was published Jan 17, 2024
A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as... Low Unreviewed
CVE-2024-0472 was published Jan 13, 2024
Typo3 Backend Configuration XSS Vulnerability Low
CVE-2012-3529 was published for typo3/cms (Composer) May 17, 2022
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email. Low
CVE-2023-49274 was published for Umbraco.CMS (NuGet) Dec 13, 2023
emmagarland
Brute force exploit can be used to collect valid usernames Low
CVE-2023-49278 was published for Umbraco.CMS (NuGet) Dec 13, 2023
An information disclosure vulnerability exists when the Windows WaasMedic Service improperly... Low Unreviewed
CVE-2020-1548 was published May 24, 2022
An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service... Low Unreviewed
CVE-2020-1485 was published May 24, 2022
An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access... Low Unreviewed
CVE-2020-1383 was published May 24, 2022
An information disclosure vulnerability exists on ARM implementations that use speculative... Low Unreviewed
CVE-2020-1459 was published May 24, 2022
An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service... Low Unreviewed
CVE-2020-1474 was published May 24, 2022
Magento information disclosure vulnerability Low
CVE-2020-24406 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API