Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

315 advisories

Loading
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7... High Unreviewed
CVE-2020-5026 was published Mar 2, 2023
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True` High
CVE-2023-28117 was published for sentry-sdk (pip) Mar 21, 2023
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an... Moderate Unreviewed
CVE-2023-25687 was published Mar 21, 2023
SpiceDB binding metrics port to untrusted networks and can leak command-line flags High
CVE-2023-29193 was published for github.com/authzed/spicedb (Go) Apr 13, 2023
amit-laish
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,... Moderate Unreviewed
CVE-2022-4769 was published Apr 3, 2023
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2,... Moderate Unreviewed
CVE-2022-4770 was published Apr 3, 2023
An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts... Moderate Unreviewed
CVE-2021-44155 was published Dec 14, 2021
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage... Moderate Unreviewed
CVE-2022-34882 was published Sep 7, 2022
NocoDB information disclosure vulnerability High
CVE-2022-2062 was published for nocodb (npm) Jun 14, 2022
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517,... High Unreviewed
CVE-2021-26726 was published Feb 17, 2022
Action Pack contains Information Disclosure / Unintended Method Execution vulnerability High
CVE-2021-22885 was published for actionpack (RubyGems) May 5, 2021
Wildfly logs plaintext passwords Moderate
CVE-2020-25640 was published for org.wildfly:wildfly-parent (Maven) Feb 15, 2022
Kirby CMS vulnerable to user enumeration in the brute force protection Moderate
CVE-2022-39315 was published for getkirby/cms (Composer) Oct 18, 2022
Insertion of Sensitive Information into Log File in typo3/cms-core Moderate
CVE-2022-31047 was published for typo3/cms (Composer) Jun 17, 2022
mhuber84 derhansen
Eclipse Jetty Server generates error message containing sensitive information Moderate
CVE-2018-12536 was published for org.eclipse.jetty:jetty-server (Maven) Oct 19, 2018
joshbressers
Diavante vue-storefront-api and storefront-api disclose stack trace Moderate
CVE-2020-11883 was published for storefront-api (npm) May 24, 2022
ghinstallation returns app JWT in error responses Moderate
CVE-2022-39304 was published for github.com/bradleyfalzon/ghinstallation (Go) Dec 19, 2022
Miskerest
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2021-1546 was published May 24, 2022
User account enumeration in Serenity Moderate
CVE-2023-31286 was published for Serenity.Net.Core (NuGet) Apr 27, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase High
CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023
MHC03 christianmeller
Jenkins Folders Plugin information disclosure vulnerability Moderate
CVE-2023-40338 was published for org.jenkins-ci.plugins:cloudbees-folder (Maven) Aug 16, 2023
Apache Superset may expose internal traces on REST API endpoints Moderate
CVE-2023-39264 was published for apache-superset (pip) Sep 6, 2023
Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router... High Unreviewed
CVE-2023-41027 was published Sep 22, 2023
The response messages received from the eSOMS report generation using certain parameter queries... Moderate Unreviewed
CVE-2023-5514 was published Nov 1, 2023
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment High
CVE-2023-46240 was published for codeigniter4/framework (Composer) Oct 30, 2023
psuet
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database