Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

136 advisories

Loading
Remote code execution in Apache Tapestry Critical
CVE-2021-27850 was published for org.apache.tapestry:tapestry-core (Maven) Jun 16, 2021
Sensitive Data Exposure in miniorange_saml High
CVE-2021-36786 was published for miniorange/miniorange-saml (Composer) Sep 1, 2021
Improper use of cryptographic key in wal-g High
CVE-2021-38599 was published for github.com/wal-g/wal-g (Go) Sep 2, 2021
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to... Low Unreviewed
CVE-2021-25524 was published Dec 9, 2021
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows... Low Unreviewed
CVE-2021-25523 was published Dec 9, 2021
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02... Low Unreviewed
CVE-2021-25522 was published Dec 9, 2021
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a... High Unreviewed
CVE-2021-42913 was published Dec 21, 2021
An issue existed in the storage of sensitive tokens. This issue was addressed by placing the... Moderate Unreviewed
CVE-2017-13909 was published Dec 24, 2021
A insecure storage of sensitive information vulnerability exists in Ivanti Workspace Control ... Moderate Unreviewed
CVE-2022-21823 was published Jan 11, 2022
Authentication bypass in Apache Kylin Moderate
CVE-2020-13937 was published for org.apache.kylin:kylin (Maven) Feb 10, 2022
Insecure Storage of Sensitive Information in Microweber High
CVE-2022-0724 was published for microweber/microweber (Composer) Feb 24, 2022
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be... High Unreviewed
CVE-2022-25264 was published Feb 26, 2022
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Moderate Unreviewed
CVE-2022-0881 was published Mar 10, 2022
Spoofing attack in swagger-ui Moderate
CVE-2018-25031 was published for swagger-ui (npm) Mar 12, 2022
Philips Gemini PET/CT family software stores sensitive information in a removable media device... Low Unreviewed
CVE-2021-27456 was published Mar 24, 2022
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior... Moderate Unreviewed
CVE-2022-1257 was published Apr 15, 2022
An insecure data storage vulnerability allows a physical attacker with root privileges to... Low Unreviewed
CVE-2021-25266 was published Apr 28, 2022
Insecure password handling vulnerability in Strapi High
CVE-2021-46440 was published for @strapi/strapi (npm) May 4, 2022
Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel... Moderate Unreviewed
CVE-2022-1044 was published May 13, 2022
An information disclosure vulnerability in File-Based Encryption could enable a local malicious... Moderate Unreviewed
CVE-2017-0493 was published May 13, 2022
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where... Moderate Unreviewed
CVE-2017-16560 was published May 13, 2022
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such... Moderate Unreviewed
CVE-2017-6911 was published May 13, 2022
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low... High Unreviewed
CVE-2017-7253 was published May 13, 2022
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade... Moderate Unreviewed
CVE-2019-3684 was published May 24, 2022
The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the... High Unreviewed
CVE-2019-5627 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API